Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1504435
MD5:067cd464a3b3fd735086e5cf38135190
SHA1:4e686f7b6d5c58bb865446b413ec52cac18e3e92
SHA256:812f5f06502d4d640dfd80a72aab1afac5d813ab8165aa33d7115012fcd2e986
Tags:exe
Infos:

Detection

Score:68
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Maps a DLL or memory area into another process
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 6752 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 067CD464A3B3FD735086E5CF38135190)
    • msedge.exe (PID: 5040 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 7196 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=1988,i,1271738276480528832,4553213145392779681,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • firefox.exe (PID: 4856 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 332 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 7228 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8568 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2232 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad1584df-582f-496e-af0b-964d90181397} 7228 "\\.\pipe\gecko-crash-server-pipe.7228" 25460f69310 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8828 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4496 -parentBuildID 20230927232528 -prefsHandle 4356 -prefMapHandle 4360 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6502ddd-fe90-4b0f-af1c-6f48a17acc75} 7228 "\\.\pipe\gecko-crash-server-pipe.7228" 25473238b10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • msedge.exe (PID: 7220 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7532 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=2112,i,1213098958873801245,13367766676746776756,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8320 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6612 --field-trial-handle=2112,i,1213098958873801245,13367766676746776756,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8340 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6792 --field-trial-handle=2112,i,1213098958873801245,13367766676746776756,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • identity_helper.exe (PID: 9000 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6360 --field-trial-handle=2112,i,1213098958873801245,13367766676746776756,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • identity_helper.exe (PID: 9080 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6360 --field-trial-handle=2112,i,1213098958873801245,13367766676746776756,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • msedge.exe (PID: 8160 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6924 --field-trial-handle=2112,i,1213098958873801245,13367766676746776756,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 8228 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 1396 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1736 --field-trial-handle=2056,i,17931448310344112427,16031678975376924167,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 9104 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 5332 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2136,i,15837944126860083390,5752980897279623933,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: file.exeReversingLabs: Detection: 26%
Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
Source: file.exeJoe Sandbox ML: detected
Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49773 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49784 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49788 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:49799 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49801 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:49803 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.222.236.120:443 -> 192.168.2.4:49802 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49806 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49808 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49807 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49810 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49814 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49815 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49813 version: TLS 1.2
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000007.00000003.2059059765.0000025472200000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.7.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000007.00000003.2059059765.0000025472200000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.7.dr
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007ADBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_007ADBBE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B68EE FindFirstFileW,FindClose,0_2_007B68EE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_007B698F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007AD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_007AD076
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007AD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_007AD3A9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_007B9642
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_007B979D
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_007B9B2B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_007B5C97
Source: firefox.exeMemory has grown: Private usage: 1MB later: 95MB
Source: Joe Sandbox ViewIP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox ViewIP Address: 152.195.19.97 152.195.19.97
Source: Joe Sandbox ViewIP Address: 13.107.246.60 13.107.246.60
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox ViewJA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.65.206
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007BCE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_007BCE44
Source: global trafficHTTP traffic detected: GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ArbitrationServiceSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.2045.47"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=44Ap4U4Vt2uZA1A&MD=yAEX6kug HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1726085762&P2=404&P3=2&P4=bKK1RGo50h%2bFPf%2b%2f17tl%2bR9RTyRLb4zh96IDhlKMYbmTXQYGik34zlBh7s9pU0owiycjYnsN2e72XcvhHlNXng%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: /7KUNmO5hnI60c14lLNdYySec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=44Ap4U4Vt2uZA1A&MD=yAEX6kug HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: firefox.exe, 00000007.00000003.2021152501.000002546DD50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1866122234.000002546E5B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1866885968.000002546DD50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000007.00000003.2021152501.000002546DD50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1866122234.000002546E5B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1866885968.000002546DD50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000007.00000003.1866122234.000002546E5B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000007.00000003.1866122234.000002546E5B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
Source: firefox.exe, 00000007.00000003.1866122234.000002546E5B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: firefox.exe, 00000007.00000003.1767938799.00000254718F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2052344161.00000254718F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1817512642.00000254718F4000.00000004.00000800.00020000.00000000.sdmp
String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000007.00000003.1767938799.00000254718F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2052344161.00000254718F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1817512642.00000254718F4000.00000004.00000800.00020000.00000000.sdmp
String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000007.00000003.2051535688.0000025471DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1817555952.00000254718A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1767938799.00000254718F4000.00000004.00000800.00020000.00000000.sdmp
String found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: unknown
HTTP traffic detected: POST /dns-query HTTP/1.1
    Host: chrome.cloudflare-dns.com
    Connection: keep-alive
    Content-Length: 128
    Accept: application/dns-message
    Accept-Language: *
    User-Agent: Chrome
    Accept-Encoding: identity
    Content-Type: application/dns-message
Source: global traffic
HTTP traffic detected: HTTP/1.1 503 Service Unavailable
    Content-Length: 326
    Content-Type: text/html; charset=us-ascii
    Date: Wed, 04 Sep 2024 20:17:08 GMT
    Connection: close
    PMUSER_FORMAT_QS:
    X-CDN-TraceId: 0.84112317.1725481028.ef98415
    Access-Control-Allow-Credentials: false
    Access-Control-Allow-Methods: *
    Access-Control-Allow-Methods: GET, OPTIONS, POST
    Access-Control-Allow-Origin: *
Source: firefox.exe, 00000007.00000003.2334616068.000002546E036000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
Source: firefox.exe, 00000007.00000003.2334616068.000002546E036000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com0
Source: firefox.exe, 00000007.00000003.2334616068.000002546E036000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.comTQl
Source: firefox.exe, 00000007.00000003.2334743148.000002546E036000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2334824909.000002546E036000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.combl
Source: firefox.exe, 00000007.00000003.2345654076.000002546E030000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
Source: firefox.exe, 00000011.00000003.1755881449.000001F6A64FC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.1754358123.000001F6A64FC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2910149750.000001F6A64FC000.00000004.00000020.00020000.00000000.sdmp, mozilla-temp-41.7.drString found in binary or memory: http://www.videolan.org/x264.html
Source: firefox.exe, 00000007.00000003.2348959532.000002546E02E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
Source: firefox.exe, 00000007.00000003.2348959532.000002546E02E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cno.
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: firefox.exe, 00000007.00000003.1713075255.000002546E600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1716425735.000002547096C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1716588349.0000025470981000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1716212490.0000025470957000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1715410345.000002547092C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1715991997.0000025470941000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1715044362.0000025470917000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/
Source: firefox.exe, 00000007.00000003.1866122234.000002546E5B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/settings/clients
Source: firefox.exe, 00000007.00000003.1812922330.00000254733E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2047789108.00000254733E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2046092013.00000254733E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1755298025.00000254733E3000.00000004.00000800.00020000.00000000.sdmp, Session_13369954559325974.6.drString found in binary or memory: https://accounts.google.com
Source: 000003.log3.6.dr, Session_13369954559325974.6.drString found in binary or memory: https://accounts.google.com/
Source: History.6.drString found in binary or memory: https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/v3/signin/challeng
Source: firefox.exe, 0000000C.00000002.2905365767.0000023715B4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ServiceLogin?se
Source: History.6.drString found in binary or memory: https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.co
Source: Session_13369954559325974.6.drString found in binary or memory: https://accounts.google.com/_/bscframe
Source: Favicons.6.drString found in binary or memory: https://accounts.google.com/favicon.ico
Source: file.exe, 00000000.00000003.1652242472.0000000001203000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1653236865.00000000011B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1653435590.0000000001203000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000002.00000002.1658845231.0000021F9E732000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1654045901.0000021F9E72D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 0000000C.00000002.2905365767.0000023715B4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwdMOZ_C
Source: firefox.exe, 00000011.00000002.2904359818.000001F6A583A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwdMOZ_C=
Source: History.6.drString found in binary or memory: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2Fv3%2Fs
Source: firefox.exe, 00000007.00000003.2054605852.000002546DD50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 00000007.00000003.2051535688.0000025471DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1817555952.00000254718A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1767938799.00000254718F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2052344161.00000254718F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1817512642.00000254718F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2052533068.00000254718A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 00000007.00000003.1866122234.000002546E5B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amazon.com
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://api.accounts.firefox.com/v1
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: firefox.exe, 00000007.00000003.2117622134.000002546CF90000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2339723411.000002546E5D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 00000007.00000003.2021494659.000002546CFD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 00000007.00000003.2053996356.000002546E5CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2339723411.000002546E5D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Win
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 00000007.00000003.2053996356.000002546E5CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2339723411.000002546E5D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/re
Source: firefox.exe, 00000007.00000003.2048180722.000002546CFDF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2021494659.000002546CFDF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2055410207.000002546CFDF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://bard.google.com/
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: firefox.exe, 00000007.00000003.1867751832.000002546C6B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2906124447.0000023715EE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2905414326.000001F6A5BCF000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.7.drString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: firefox.exe, 00000007.00000003.1867751832.000002546C6B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2906124447.0000023715EE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2905414326.000001F6A5BCF000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.7.drString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: firefox.exe, 00000007.00000003.1767286852.00000254721DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
Source: Reporting and NEL.6.drString found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: Web Data.6.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Web Data.6.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: 7ab69735-c735-449c-a39e-721cdf1e3a90.tmp.8.dr, Network Persistent State0.6.drString found in binary or memory: https://chrome.cloudflare-dns.com
Source: manifest.json0.6.drString found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json0.6.drString found in binary or memory: https://chromewebstore.google.com/
Source: cbf5fce7-89b4-4f3a-b8f4-4d48d95f77a7.tmp.8.drString found in binary or memory: https://clients2.google.com
Source: manifest.json.6.drString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: cbf5fce7-89b4-4f3a-b8f4-4d48d95f77a7.tmp.8.drString found in binary or memory: https://clients2.googleusercontent.com
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 00000007.00000003.1713075255.000002546E600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1716425735.000002547096C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1716588349.0000025470981000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1716212490.0000025470957000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1715410345.000002547092C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1715991997.0000025470941000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1715044362.0000025470917000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
Source: firefox.exe, 00000007.00000003.1867751832.000002546C6B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2906124447.0000023715EE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2905414326.000001F6A5BCF000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.7.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: firefox.exe, 00000007.00000003.1867751832.000002546C6B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2906124447.0000023715EE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2905414326.000001F6A5BCF000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.7.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: Reporting and NEL.6.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/AccountsSignInUi
Source: Reporting and NEL.6.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/apps-themes
Source: Reporting and NEL.6.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers
Source: Reporting and NEL.6.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/static-on-bigtable
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: manifest.json.6.drString found in binary or memory: https://docs.google.com/
Source: manifest.json.6.drString found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json.6.drString found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json.6.drString found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json.6.drString found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json.6.drString found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json.6.drString found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json.6.drString found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json.6.drString found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json.6.drString found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json.6.drString found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json.6.drString found in binary or memory: https://drive.google.com/
Source: firefox.exe, 00000007.00000003.1866122234.000002546E5B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com
Source: firefox.exe, 00000007.00000003.1713075255.000002546E600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1716425735.000002547096C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1716588349.0000025470981000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1716212490.0000025470957000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1715410345.000002547092C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1715991997.0000025470941000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2339777648.000002546CF90000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2021753091.000002546CF90000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2055995420.000002546CF90000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1867548857.000002546CF90000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2117622134.000002546CF90000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1715044362.0000025470917000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
Source: Web Data.6.drString found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Web Data.6.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Web Data.6.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: firefox.exe, 00000007.00000003.2119221154.0000025470831000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1799648626.0000025470839000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1865829308.000002546F090000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2016547788.0000025470834000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1718893461.0000025470833000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1722413006.0000025470833000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1721629584.000002547082D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1720298003.000002547081A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000007.00000003.2118783187.000002546C654000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1868438651.000002546C654000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2362353888.000002546C654000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
Source: firefox.exe, 00000007.00000003.2118783187.000002546C654000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1868438651.000002546C654000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2362353888.000002546C654000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
Source: 000003.log.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log0.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: HubApps Icons.6.dr, 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_hc.png/1.0.3/asset
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_light.png/1.0.3/asse
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://music.amazon.com
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://music.apple.com
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://music.yandex.com
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://open.spotify.com
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: firefox.exe, 00000007.00000003.2119221154.0000025470831000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1799648626.0000025470839000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1865829308.000002546F090000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2016547788.0000025470834000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1718893461.0000025470833000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1722413006.0000025470833000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1721629584.000002547082D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1720298003.000002547081A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://outlook.live.com/mail/0/
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://outlook.office.com/mail/0/
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 00000007.00000003.2119221154.0000025470831000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1799648626.0000025470839000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1865829308.000002546F090000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2016547788.0000025470834000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1718893461.0000025470833000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1722413006.0000025470833000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1721629584.000002547082D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1720298003.000002547081A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 00000007.00000003.2118783187.000002546C654000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1868438651.000002546C654000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2362353888.000002546C654000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 00000007.00000003.2053732731.000002546F0F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com/
Source: firefox.exe, 00000007.00000003.2053890132.000002546F096000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-linux-x64.zip
Source: firefox.exe, 00000007.00000003.2053890132.000002546F096000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-mac-arm64.zip
Source: firefox.exe, 00000007.00000003.2053890132.000002546F096000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-mac-x64.zip
Source: firefox.exe, 00000007.00000003.2053890132.000002546F096000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-arm64.zip
Source: firefox.exe, 00000007.00000003.2053498553.0000025470C2E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2053890132.000002546F096000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x64.zip
Source: firefox.exe, 00000007.00000003.2053890132.000002546F096000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x86.zip
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 00000007.00000003.2054605852.000002546DD50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 00000007.00000003.1715044362.0000025470917000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 00000007.00000003.2048018559.000002546F0AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1865660340.000002546F0B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2117029580.000002546F0AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2046918139.000002546F0AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2053781675.000002546F0AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2020357977.000002546F0B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.comcalc(calc(16px
Source: firefox.exe, 00000007.00000003.2021152501.000002546DD89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 00000007.00000003.2054605852.000002546DD07000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 00000007.00000003.1817555952.000002547187F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2052533068.000002547187F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 00000007.00000003.1817555952.000002547187F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2052533068.000002547187F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: firefox.exe, 00000007.00000003.1866122234.000002546E5B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 00000007.00000003.1866122234.000002546E5B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 00000007.00000003.1866122234.000002546E5B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 00000007.00000003.2051535688.0000025471DBA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
Source: firefox.exe, 00000007.00000003.2051535688.0000025471DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1817555952.00000254718A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1767938799.00000254718F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2052344161.00000254718F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1817512642.00000254718F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2052533068.00000254718A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 00000007.00000003.2054605852.000002546DD50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 00000007.00000003.2050529218.0000025472C53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1814098510.0000025472C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 00000007.00000003.1814008995.0000025472D17000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://tidal.com/
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 00000007.00000003.2054605852.000002546DD50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 00000007.00000003.1866122234.000002546E5B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1866885968.000002546DD50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2054605852.000002546DD50000.00000004.00000800.00020000.00000000.sdmp, 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://twitter.com/
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://vibe.naver.com/today
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://web.telegram.org/
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://web.whatsapp.com
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: firefox.exe, 00000007.00000003.1867751832.000002546C6B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2906124447.0000023715EE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2905414326.000001F6A5BCF000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.7.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: firefox.exe, 00000007.00000003.1713075255.000002546E600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1716425735.000002547096C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1716588349.0000025470981000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1716212490.0000025470957000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1715410345.000002547092C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1715991997.0000025470941000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1817555952.000002547187F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2052533068.000002547187F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1715044362.0000025470917000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 00000007.00000003.1820316824.000002546E5E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1866022648.000002546E5E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.de/
Source: 6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drString found in binary or memory: https://www.deezer.com/
Source: firefox.exe, 00000007.00000003.2059059765.0000025472200000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.7.drString found in binary or memory: https://www.digicert.com/CPS0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_007BEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_007BED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_007AAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_007D9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

System Summary

Source: file.exe | String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script.
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_000001F6A62092B7 NtQuerySystemInformation
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_000001F6A6226A72 NtQuerySystemInformation
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_007AD5EB: CreateFileW,DeviceIoControl,CloseHandle
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_007A1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_007AE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
Source: C:\Users\user\Desktop\file.exe | Code function: String function: 0075F9F2 appears 31 times
Source: C:\Users\user\Desktop\file.exe | Code function: String function: 00760A30 appears 46 times
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine | Classification label: mal68.evad.winEXE@72/334@29/21
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_007B37B5 GetLastError,FormatMessageW
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_007A10BF AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_007A16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_007B51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_007AD4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_007B648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_007442A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | File created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66D8BFFB-13B0.pma
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | File created: C:\Users\user\AppData\Local\Temp\cdfdf3d9-f353-421d-9f5c-6e18697c141b.tmp
Source: file.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exe | File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\file.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Login Data.6.dr | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe | ReversingLabs: Detection: 26%
Source: unknown | Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: unknown | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=1988,i,1271738276480528832,4553213145392779681,262144 /prefetch:3
Source: unknown | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=2112,i,1213098958873801245,13367766676746776756,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6612 --field-trial-handle=2112,i,1213098958873801245,13367766676746776756,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6792 --field-trial-handle=2112,i,1213098958873801245,13367766676746776756,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2232 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad1584df-582f-496e-af0b-964d90181397} 7228 "\\.\pipe\gecko-crash-server-pipe.7228" 25460f69310 socket
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6360 --field-trial-handle=2112,i,1213098958873801245,13367766676746776756,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4496 -parentBuildID 20230927232528 -prefsHandle 4356 -prefMapHandle 4360 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6502ddd-fe90-4b0f-af1c-6f48a17acc75} 7228 "\\.\pipe\gecko-crash-server-pipe.7228" 25473238b10 rdd
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1736 --field-trial-handle=2056,i,17931448310344112427,16031678975376924167,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2136,i,15837944126860083390,5752980897279623933,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6924 --field-trial-handle=2112,i,1213098958873801245,13367766676746776756,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
Source: C:\Users\user\Desktop\file.exeSection loaded: wsock32.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: propsys.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: edputil.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: urlmon.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: iertutil.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: srvcli.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: netutils.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: appresolver.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: slc.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: sppc.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: pcacli.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: sfc_os.dll
Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000007.00000003.2059059765.0000025472200000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.7.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000007.00000003.2059059765.0000025472200000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.7.dr
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_007442DE
Source: gmpopenh264.dll.tmp.7.drStatic PE information: section name: .rodata
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00760A76 push ecx; ret 0_2_00760A89
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0075F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_0075F98E
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007D1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_007D1C41
Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_0-95647
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 17_2_000001F6A62092B7 rdtsc 17_2_000001F6A62092B7
Source: C:\Users\user\Desktop\file.exeAPI coverage: 3.3 %
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007ADBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_007ADBBE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B68EE FindFirstFileW,FindClose,0_2_007B68EE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_007B698F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007AD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_007AD076
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007AD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_007AD3A9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_007B9642
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_007B979D
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_007B9B2B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_007B5C97
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_007442DE
Source: firefox.exe, 00000011.00000002.2904359818.000001F6A583A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW 8
Source: firefox.exe, 0000000C.00000002.2905365767.0000023715B4A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWo
Source: firefox.exe, 0000000C.00000002.2905365767.0000023715B4A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp
Source: firefox.exe, 0000000C.00000002.2909240177.0000023716100000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll4
Source: firefox.exe, 0000000C.00000002.2909240177.0000023716100000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2908341576.000001F6A6080000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: firefox.exe, 0000000C.00000002.2908637911.0000023716021000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: firefox.exe, 00000011.00000002.2908341576.000001F6A6080000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll>gN,
Source: firefox.exe, 0000000C.00000002.2909240177.0000023716100000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: firefox.exe, 0000000C.00000002.2909240177.0000023716100000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2908341576.000001F6A6080000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformation
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 17_2_000001F6A62092B7 rdtsc 17_2_000001F6A62092B7
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007BEAA2 BlockInput,0_2_007BEAA2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00772622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00772622
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_007442DE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00764CE8 mov eax, dword ptr fs:[00000030h]0_2_00764CE8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007A0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_007A0B62
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00772622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00772622
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0076083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0076083F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007609D5 SetUnhandledExceptionFilter,0_2_007609D5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00760C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00760C21

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeSection loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe protection: readonly
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007A1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_007A1201
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00782BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00782BA5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007AB226 SendInput,keybd_event,0_2_007AB226
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007C22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_007C22DA
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007A0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_007A0B62
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007A1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_007A1663
Source: file.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exeBinary or memory string: Shell_TrayWnd
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00760698 cpuid 0_2_00760698
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_007B8195
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0079D27A GetUserNameW,0_2_0079D27A
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0077BB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_0077BB6F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_007442DE
Source: file.exeBinary or memory string: WIN_81
Source: file.exeBinary or memory string: WIN_XP
Source: file.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exe Binary or memory string: WIN_XPe
Source: file.exe Binary or memory string: WIN_VISTA
Source: file.exe Binary or memory string: WIN_7
Source: file.exe Binary or memory string: WIN_8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007C1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_007C1204
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007C1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_007C1806
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 15 System Information Discovery | Distributed Component Object Model | Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 131 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 112 Process Injection | 1 Masquerading | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | 1 Registry Run Keys / Startup Folder | 2 Valid Accounts | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 112 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
[Behavior graph. ID: 1504435; Sample: file.exe; Startdate: 04/09/2024; Architecture: WINDOWS; Score: 68]

Source | Detection | Scanner | Label | Link
file.exe | 26% | ReversingLabs
file.exe | 100% | Joe Sandbox ML
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs
No Antivirus matches
No Antivirus matches
                                  • URL Reputation: safe
                                  unknown
                                  http://exslt.org/commonfirefox.exe, 00000007.00000003.1869394147.000002546C626000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://drive-daily-2.corp.google.com/manifest.json.6.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://fpn.firefox.comfirefox.exe, 00000007.00000003.2054605852.000002546DD50000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=Web Data.6.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://exslt.org/dates-and-timesfirefox.exe, 00000007.00000003.2362353888.000002546C681000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2117897729.000002546C681000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1868119946.000002546C681000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctafirefox.exe, 00000007.00000003.1867751832.000002546C6B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2906124447.0000023715EE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2905414326.000001F6A5BCF000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.jiyu-kobo.co.jp/Hfirefox.exe, 00000007.00000003.2357873442.000002546E032000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://drive-daily-1.corp.google.com/manifest.json.6.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://excel.new?from=EdgeM365Shoreline6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://www.youtube.com/firefox.exe, 00000007.00000003.1866122234.000002546E5B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1866885968.000002546DD50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2054605852.000002546DD50000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://drive-daily-5.corp.google.com/manifest.json.6.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://www.jiyu-kobo.co.jp/R.TTFTfirefox.exe, 00000007.00000003.2358638165.000002546E032000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2358156369.000002546E032000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2357873442.000002546E032000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2358930316.000002546E033000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000007.00000003.1866122234.000002546E5B9000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://127.0.0.1:firefox.exe, 00000007.00000003.1820316824.000002546E5D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2053996356.000002546E5CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1866022648.000002546E5D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2020688992.000002546E5CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2339723411.000002546E5D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://bugzilla.mofirefox.exe, 00000007.00000003.1767286852.00000254721DA000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://www.jiyu-kobo.co.jp/ldilfirefox.exe, 00000007.00000003.2358156369.000002546E032000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2357873442.000002546E032000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://mitmdetection.services.mozilla.com/firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://www.jiyu-kobo.co.jp/Y0/firefox.exe, 00000007.00000003.2358930316.000002546E033000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://amazon.comfirefox.exe, 00000007.00000003.1866122234.000002546E5B9000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 00000007.00000003.2051535688.0000025471DBA000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://www.sajatypeworks.comblfirefox.exe, 00000007.00000003.2334743148.000002546E036000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2334824909.000002546E036000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://chromewebstore.google.com/manifest.json0.6.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://drive-preprod.corp.google.com/manifest.json.6.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://chrome.google.com/webstore/manifest.json0.6.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://spocs.getpocket.com/firefox.exe, 00000007.00000003.1866122234.000002546E5B9000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://bard.google.com/6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.monotype.Ufirefox.exe, 00000007.00000003.2351170994.000002546E04E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2351483939.000002546E04F000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://www.office.com6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://outlook.live.com/mail/0/6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-firefox.exe, 00000007.00000003.2054605852.000002546DD07000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.inbox.lv/rfc2368/?value=%sufirefox.exe, 00000007.00000003.2118783187.000002546C654000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1868438651.000002546C654000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2362353888.000002546C654000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://monitor.firefox.com/user/dashboardfirefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://tidal.com/6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://monitor.firefox.com/aboutfirefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://mozilla.org/MPL/2.0/.firefox.exe, 00000007.00000003.1813636092.0000025472D92000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2053128228.0000025471257000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2388045408.00000254710BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2363011038.000002546E3CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1766167201.0000025473270000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1803475674.00000254710D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1725424726.0000025471087000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1813848110.0000025472D50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1858787010.0000025473229000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2046395377.0000025472FC6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1725626150.000002546E3F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2047171539.00000254710DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2047171539.00000254710BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1766167201.00000254732CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1817942239.0000025471211000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2339440513.0000025472FC6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1725424726.00000254710D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.1813719869.0000025472D77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2060219501.0000025471A12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
00000007.00000003.1813361882.0000025472FC6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2386006915.0000025471A11000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://www.openh264.org/firefox.exe, 00000007.00000003.1817555952.000002547187F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000003.2052533068.000002547187F000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://gaana.com/6393fa52-1047-4669-9a07-ddc639533068.tmp.6.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://login.microsoftonline.comfirefox.exe, 00000007.00000003.1858250643.000002547332A000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://coverage.mozilla.orgfirefox.exe, 0000000C.00000002.2905848433.0000023715C90000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2908563941.000001F6A6180000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://crl.thawte.com/ThawteTimestampingCA.crl0firefox.exe, 00000007.00000003.2059059765.0000025472200000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  Joe Sandbox version: 40.0.0 Tourmaline
                                  Analysis ID: 1504435
                                  Start date and time: 2024-09-04 22:15:07 +02:00
                                  Joe Sandbox product: CloudBasic
                                  Overall analysis duration: 0h 6m 40s
                                  Hypervisor based Inspection enabled: false
                                  Report type: full
                                  Cookbook file name: default.jbs
                                  Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                  Number of analysed new started processes analysed: 27
                                  Number of new started drivers analysed: 0
                                  Number of existing processes analysed: 0
                                  Number of existing drivers analysed: 0
                                  Number of injected processes analysed: 0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • AMSI enabled
                                  Analysis Mode: default
                                  Analysis stop reason: Timeout
                                  Sample name: file.exe
                                  Detection: MAL
                                  Classification: mal68.evad.winEXE@72/334@29/21
                                  EGA Information:
                                  • Successful, ratio: 66.7%
                                  HCA Information:
                                  • Successful, ratio: 96%
                                  • Number of executed functions: 36
                                  • Number of non-executed functions: 311
                                  Cookbook Comments:
                                  • Found application associated with file extension: .exe
                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                                  • Excluded IPs from analysis (whitelisted): 13.107.42.16, 66.102.1.84, 204.79.197.239, 13.107.21.239, 142.250.184.206, 13.107.6.158, 2.19.126.152, 2.19.126.145, 216.58.212.163, 2.23.209.176, 2.23.209.189, 2.23.209.149, 2.23.209.182, 2.23.209.130, 2.23.209.185, 2.23.209.158, 2.23.209.135, 2.23.209.177, 20.223.35.26, 87.248.205.0, 192.229.221.95, 2.18.121.73, 2.18.121.79, 172.217.16.206, 216.58.206.78, 142.251.40.163, 142.251.41.3, 142.251.40.131
                                  • Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, ciscobinary.openh264.org, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, incoming.telemetry.mozilla.org, edgeassetservice.afd.azureedge.net, a17.rackcdn.com.mdc.edgesuite.net, aus5.mozilla.org, arc.msn.com, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, a19.dscg10.akamai.net, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, www.bing.com.edgekey.net, redirector.gvt1.com, config-edge-skype.l-0007.l-msedge.net, msedge.b.tlu.dl.delivery.mp.microsoft.com, arc.trafficmanager.net, www.gstatic.com, l-0007.l-msedge.net, config.edge.skype.com, www.bing.com, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, accounts.google.com, bzib.nelreports.net.akamaized.net, fonts.gstatic.com, wildcardtlu-ssl.ec.azureedge.net, ctldl.windowsupdate.com, b-0005.b-msedge.net, detectportal.prod.mozaws.net, www-www.bing.com.trafficmanager.net, edge.microsoft.com,
                                  • Not all processes were analyzed, report is missing behavior information
                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                  • Report size getting too big, too many NtCreateFile calls found.
                                  • Report size getting too big, too many NtOpenFile calls found.
                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                  • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                  • VT rate limit hit for: file.exe
                                  Time | Type | Description
                                  21:16:06 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                  21:16:14 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):6439
                                                                          Entropy (8bit):5.136556728259541
                                                                          Encrypted:false
                                                                          SSDEEP:192:IjMX7XgcbhbVbTbfbRbObtbyEzn/nSrDtTJdB:IYMcNhnzFSJ5nSrDhJdB
                                                                          MD5:B08433D4A4528DA066911F82AECB37B5
                                                                          SHA1:00DE4AB46ECE189494EEA2299CC4980EB3E1B584
                                                                          SHA-256:0A71EB80629F8B35484E5268DAB1281E5DB980BEBBE8E60C25C1723545A8111A
                                                                          SHA-512:3963EAE4BF2527C5F47DD886417F37A293C5F48262BF18BA7A47AAFA4EFE4574C19559DE3FEAC8748B97525F0E377759F0A706BDE04B00CE095469E92B423911
                                                                          Malicious:false
                                                                          Preview:{"type":"uninstall","id":"8331cf9c-2d5e-498d-80de-34cf38a4eb0e","creationDate":"2024-09-04T21:42:34.738Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:modified
                                                                          Size (bytes):8090
                                                                          Entropy (8bit):5.811231406152866
                                                                          Encrypted:false
                                                                          SSDEEP:192:asNAQg9eiRUTTQKkFh6qRAq1k8SPxVLZ7VTiq:asNARt6UJFh6q3QxVNZTiq
                                                                          MD5:966CED4D8648078337D4BB8418AFA183
                                                                          SHA1:932488F95492301DE70AED15BD4D43F912F57349
                                                                          SHA-256:5A177A47B80A2AD16FB634DA040F0BFAF20FD15DEF5774F38BC664EFE95C0472
                                                                          SHA-512:5577968C65A30B441D599E50098B2B167406B4489D0D181C972F70CAADECCDECFB43B8685FB5D8177160F9CC313183F3DA3377742DB795AE70E0D37613BCDADB
                                                                          Malicious:false
                                                                          Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_mig
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):25104
                                                                          Entropy (8bit):6.02952813541035
                                                                          Encrypted:false
                                                                          SSDEEP:768:qMGQ7FCYXGIgtDAWtJ4mkFQvBQzqFDX4D8:qMGQ5XMBxkWpID8
                                                                          MD5:09FEFEDAEB440F0BD3ED92021EA1F141
                                                                          SHA1:FA898EA5BC5D2DB9F8B8763DD34A475BCD1E0E90
                                                                          SHA-256:3EF2A9A14EC343D64F97DD811574F710455BE708596CC293F6652CFE1012726C
                                                                          SHA-512:3DBA4439BD25DD4A56978C6DB4C5D795CD35C95BF27D29EAEFE49C0180B75A8AAECC9D23AE54A8B0339C8679D919ECCF947091A5E2352015759A04B5D90BF72F
                                                                          Malicious:false
                                                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13369954558244743","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):8321
                                                                          Entropy (8bit):5.7861911359275915
                                                                          Encrypted:false
                                                                          SSDEEP:192:fsNwQg9eiRUeujZkFl6qRAq1k8SPxVLZ7VTiQ:fsNwRtn0qFl6q3QxVNZTiQ
                                                                          MD5:40C18BA1FDB2DB18A858EC483D8B34F6
                                                                          SHA1:1F3B8E7F93A25E39AC93243344EA91374329EE60
                                                                          SHA-256:8C6A3A20BE01982AC1E85416EDF5B6F347474042DD5CEC18AFA56E3BAA07330F
                                                                          SHA-512:1A37BEE1FCE558B62E9AE9EF70C24409FB7AA83A55D5DCD579F92AA716EFFCE36C9244018B4FAA7D97AF464B752902199952666CF930BDAED23D2F113F4CE917
                                                                          Malicious:false
                                                                          Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"oem_bookmarks_set":true,"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):6820
                                                                          Entropy (8bit):5.790802128564775
                                                                          Encrypted:false
                                                                          SSDEEP:96:iaqkHfY5SS5ih/cI9URLl8RotoLMFVvlwhRe4IbONIeTC6XQS0qGqk+Z4uj+rjEy:akQgLeiRU4hT6qRAq1k8SPxVLZ7VTiq
                                                                          MD5:83D4BE5D55DE90765FAF5D071911359D
                                                                          SHA1:12E0966705B50307094E2E6B1A68FF4B2F752CA8
                                                                          SHA-256:8675C70AFF1EF4579F410849EE24AC6C3EF03C5FC6EBB4E6D55DE3C50806205E
                                                                          SHA-512:F7719BDB5EC9EDE71413D252F745CAFEE71063348FBFACDD00DA1046B2E59C5753F7D05F0ED9982CC9FBB8712EE6E07355FA9C8950D067942AF85190580437A2
                                                                          Malicious:false
                                                                          Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):8090
                                                                          Entropy (8bit):5.811231406152866
                                                                          Encrypted:false
                                                                          SSDEEP:192:asNAQg9eiRUTTQKkFh6qRAq1k8SPxVLZ7VTiq:asNARt6UJFh6q3QxVNZTiq
                                                                          MD5:966CED4D8648078337D4BB8418AFA183
                                                                          SHA1:932488F95492301DE70AED15BD4D43F912F57349
                                                                          SHA-256:5A177A47B80A2AD16FB634DA040F0BFAF20FD15DEF5774F38BC664EFE95C0472
                                                                          SHA-512:5577968C65A30B441D599E50098B2B167406B4489D0D181C972F70CAADECCDECFB43B8685FB5D8177160F9CC313183F3DA3377742DB795AE70E0D37613BCDADB
                                                                          Malicious:false
                                                                          Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_mig
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):107893
                                                                          Entropy (8bit):4.640149995732079
                                                                          Encrypted:false
                                                                          SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P75:fwUQC5VwBIiElEd2K57P75
                                                                          MD5:AD9FA3B6C5E14C97CFD9D9A6994CC84A
                                                                          SHA1:EF063B4A4988723E0794662EC9D9831DB6566E83
                                                                          SHA-256:DCC7F776DBDE2DB809D3402FC302DB414CF67FE5D57297DDDADCE1EE42CFCE8F
                                                                          SHA-512:81D9D59657CAF5805D2D190E8533AF48ACEBFFF63409F5A620C4E08F868710301A0C622D7292168048A9BC16C0250669FAAA2DCBF40419740A083C6ED5D79CFA
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):107893
                                                                          Entropy (8bit):4.640149995732079
                                                                          Encrypted:false
                                                                          SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P75:fwUQC5VwBIiElEd2K57P75
                                                                          MD5:AD9FA3B6C5E14C97CFD9D9A6994CC84A
                                                                          SHA1:EF063B4A4988723E0794662EC9D9831DB6566E83
                                                                          SHA-256:DCC7F776DBDE2DB809D3402FC302DB414CF67FE5D57297DDDADCE1EE42CFCE8F
                                                                          SHA-512:81D9D59657CAF5805D2D190E8533AF48ACEBFFF63409F5A620C4E08F868710301A0C622D7292168048A9BC16C0250669FAAA2DCBF40419740A083C6ED5D79CFA
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):4194304
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3::
                                                                          MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                          SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                          SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                          SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):4194304
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3::
                                                                          MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                          SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                          SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                          SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):4194304
                                                                          Entropy (8bit):0.039936823015339476
                                                                          Encrypted:false
                                                                          SSDEEP:192:zq01utmqvDDKX78JvyqlBqfr3nXgXX/OvXrgThZINEydeRQMQ1ORCn8y08Tcm2Rl:m0EtpSQgSh+TG4gC08T2RGOD
                                                                          MD5:9FC19164979551CA757D6D36DF903702
                                                                          SHA1:7476583086993DAC143C0D6C25DA94186EAC81A4
                                                                          SHA-256:577D9871E90363A7105B8DCA8FBF08C8FB00708187EBEDA7EAE07CBAE57EB4C9
                                                                          SHA-512:7795A516EAA688E51F3D9FDF01549E8DF135BFB450A73EBA7AD4131A3945F1E4EFF85271F5374D645E2DE1893452164B8FAC8532C5443EE0A99AE3685FF628E6
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):4194304
                                                                          Entropy (8bit):0.4688409070135719
                                                                          Encrypted:false
                                                                          SSDEEP:6144:9bQBbDAWmmlZaH1c7/D72j1q6mp99aH3Mt:Ugmlgc/ncX
                                                                          MD5:07404D580059E397520F14E66194F071
                                                                          SHA1:F83199956340BC3B01DC26328525F21F907DF1C5
                                                                          SHA-256:B7E0EC7FBC3C392FDE42587FCFA1A4A3B36D0381217A331CC1522FD6E8D728A8
                                                                          SHA-512:AF06E93FB3F93704BC6C61B8F871A5D290082676AE2EC148E25E39B43BB2F089A929A381DDED8FEBE4EEF315C3A2F06B3E5BF5EF27BFEA395DB66FC9BCCB74B2
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):4194304
                                                                          Entropy (8bit):0.04076617548647219
                                                                          Encrypted:false
                                                                          SSDEEP:192:Dz0EbtmqvDtKX7BJEa3XxxTxqZ/g+XCf970R6Eqh57NgDR21gQMYDPntn8y08Tcp:n0EtWeK8YltFhxUSgQPt08T2RGOD
                                                                          MD5:EB970A762E0BBA22C53018B934D9D54C
                                                                          SHA1:9CA5B879053B1427F565279ED7D2942358286E16
                                                                          SHA-256:83320DAA98805567369850103B2C40D6422AA1A14BFC4D30E1B7087103DE7914
                                                                          SHA-512:F1A8C1F4134C7D9E8597F847611A525C3C2108A073F4E6ABAFADA6FF8C2379BB7F30DAD399841FD8F1A42B6FC7878AEFB9E5E8980E0DFCD475E399692B3D3347
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):4194304
                                                                          Entropy (8bit):0.039902682547480375
                                                                          Encrypted:false
                                                                          SSDEEP:192:vd0EbtmqvD3KX7YJEa3Xxx7uqZGXPtg34khtbNE3QMO1gQpeB3L651Sn8y08TcmQ:l0EtRe18xphlwagwU3L+A08T2RGOD
                                                                          MD5:0C1A4C9F54B5E555241FF770A6393A65
                                                                          SHA1:245A40C8E506847C10F1402D57C476C4388BE0C9
                                                                          SHA-256:3D08CADAFFEF7AB3F40F42AF04CB511FCCCAD40D98C601D378327BC454F6C3D5
                                                                          SHA-512:4088FC8C9263DFE2FA1DA6360F5D3A501D4ACA5264D5107DC9769D35D1C555079318B84D91F8EFE79DA7B8209A7B2401751A5A27D874118375A34B8690122CDF
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):16384
                                                                          Entropy (8bit):0.3553968406659012
                                                                          Encrypted:false
                                                                          SSDEEP:12:biUXhV0xosU8xCe+JKlkQuMRxCb8ZXfgYJ0IJpP0KLsyW1L7Fx6:bFRqxosU8xWMk8xVZ4YWI30otWn
                                                                          MD5:CFAB81B800EDABACBF6CB61AA78D5258
                                                                          SHA1:2730D4DA1BE7238D701DC84EB708A064B8D1CF27
                                                                          SHA-256:452A5479B9A2E03612576C30D30E6F51F51274CD30EF576EA1E71D20C657376F
                                                                          SHA-512:EC188B0EE4D3DAABC26799B34EE471BEE988BDD7CEB011ED7DF3D4CF26F98932BBBB4B70DC2B7FD4DF9A3981B3CE22F4B5BE4A0DB97514D526E521575EFB2EC6
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):280
                                                                          Entropy (8bit):3.060980776278344
                                                                          Encrypted:false
                                                                          SSDEEP:3:FiWWltl/9UgBVP/Sh/JzvLi2RRIxINXj1J1:o1//BVsJDG2Yq
                                                                          MD5:74B32A83C9311607EB525C6E23854EE0
                                                                          SHA1:C345A4A3BB52D7CD94EA63B75A424BE7B52CFCD2
                                                                          SHA-256:06509A7E418D9CCE502E897EAEEE8C6E3DCB1D0622B421DD968AF3916A5BFF90
                                                                          SHA-512:ADC193A89F0E476E7326B4EA0472814FE6DD0C16FC010AAF7B4CF78567D5DF6A1574C1CE99A63018AFE7E9AD68918147880621A3C00FAA7AD1014A0056B4B9C4
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):12923
                                                                          Entropy (8bit):5.159915349883325
                                                                          Encrypted:false
                                                                          SSDEEP:192:sVNJ9pQTryZiuaba4uyeJ7anwBYr308bpj+FzyQAgovFOj1f:sVNLAJuVJ7a3pUuQwkx
                                                                          MD5:68BDB430B44F719DA7622391D8F76CA2
                                                                          SHA1:B1A5E1BC205E619954A1B239ECE7355020E4E8DB
                                                                          SHA-256:D86DF5E85AD4DAF54A0FE7F1E7C585E42A9C709EADED836E1DB5D9C48B71B08D
                                                                          SHA-512:A090F75E469A0E38B545610C34C02BCAD59ED378B17864E87C55F7A40A0E59456744BB3377813ED759D90CBC815A0E989C07408DA96B3D4D72A7576D31A00C61
                                                                          Malicious:false
                                                                          Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369954558157420","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:very short file (no magic)
                                                                          Category:dropped
                                                                          Size (bytes):1
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:L:L
                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                          Malicious:false
                                                                          Preview:.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):115717
                                                                          Entropy (8bit):5.183660917461099
                                                                          Encrypted:false
                                                                          SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                          MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                          SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                          SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                          SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                          Malicious:false
                                                                          Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):39660
                                                                          Entropy (8bit):5.562519741540464
                                                                          Encrypted:false
                                                                          SSDEEP:768:9Kncr+7pLGLvfxWP91fyK8F1+UoAYDCx9Tuqh0VfUC9xbog/OVdpFe9KprwslsDP:9Kncr+cvfxWP91fyKu1jaYpFsKaslGVD
                                                                          MD5:E6711A5956A5B95FB1151042FB6A5374
                                                                          SHA1:0558D901CF8CFE78573187F3FA9D584EE7DF5404
                                                                          SHA-256:0D779A28C61F793D4E38D58CDA81458960F0E2C6140DF3966591401EB4FBB0CE
                                                                          SHA-512:B9BFADB3FB311644A9D616E92174859868C3E72D6FE38C93508A696A252DE359ADA2F9CC3E2B89D178B31C1282213009B7B18E8DB71B170BE07D172A1D862291
                                                                          Malicious:false
                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369954556923749","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369954556923749","location":5,"ma
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):13650
                                                                          Entropy (8bit):5.235248762660895
                                                                          Encrypted:false
                                                                          SSDEEP:192:sVNJ9pQTryZiuaba4uyeJ7anwCMzX5n4CfYr308bpj+FzyQADbvFOj1f:sVNLAJuVJ7aDMCzpUuQykx
                                                                          MD5:40E6A0A6ADFB196757A851493E789453
                                                                          SHA1:FAE801988B0C4BDEFD94263374DA27C27371EEA8
                                                                          SHA-256:9626417BB8C20BD2360D800E82AA951D87E341C219E83AA40A275D722DA539B7
                                                                          SHA-512:FEEA3DA792836092AD058509584C2000A1BA1D5EE322ED363B85E22ED2F26ED457AF4B33A22165F41F89D9228B82268295EECCCA719C53F2A9F4BCAAEC614D61
                                                                          Malicious:false
                                                                          Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369954558157420","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:modified
                                                                          Size (bytes):1695826
                                                                          Entropy (8bit):5.041136313645545
                                                                          Encrypted:false
                                                                          SSDEEP:24576:rPfQUg6kAdRhiGzmYoAo2ENU0ifYeV3br2M:rPfZ/mS5
                                                                          MD5:3D7AD7E68FE541E3982E6EE34134AE7B
                                                                          SHA1:D2DB74DE31E7F229E932AB3753F610E23CE5F57C
                                                                          SHA-256:57F151A7C3F7291451E6973F1DC094144BE6E39AA665B651F44E89C2863A7A93
                                                                          SHA-512:BE024760EF36D0E4C3561F5A2E8A7AE6E4C9065C6D2C65B883BA197A2697DB4DB55E2B50C2277CCB300F238CF0E409EB3EB37137CC04FAFAF8A89FBB0AF1D2A3
                                                                          Malicious:false
                                                                          Preview:...m.................DB_VERSION.1-eY..................QUERY_TIMESTAMP:edge_hub_apps_manifest_gz4.7.*.13369954563727524.$QUERY:edge_hub_apps_manifest_gz4.7.*..[{"name":"edge_hub_apps_manifest_gz","url":"https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline","version":{"major":4,"minor":7,"patch":107},"hash":"Qoxdh2pZS19o99emYo77uFsfzxtXVDB75kV6eln53YE=","size":1682291}]....................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13369954563729828.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"2DPW9BV28WrPpgGHdKsEvldNQvD7dA0AAxPa3B/lKN0=","size":11989}]=_.../..............'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.]{.. "configVersion": 32,.. "PrivilegedExperiences": [.. "ShorelinePrivileged
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):293
                                                                          Entropy (8bit):5.07093944646829
                                                                          Encrypted:false
                                                                          SSDEEP:6:PUBXhq1wkn23oH+Tcwt9Eh1ZB2KLllUznkq2Pwkn23oH+Tcwt9Eh1tIFUv:PGXh1fYeb9Eh1ZFLnkkvYfYeb9Eh16F2
                                                                          MD5:B69891FFAA4FFACC89FFBBDABCA10BDE
                                                                          SHA1:B44DC829A69A8DB3CADFFE57F356A89A34AA0641
                                                                          SHA-256:B086093D849A43F3002B6406C601636E1F77A6ED06DD1382A59BC7F5D0756AB0
                                                                          SHA-512:76E10BBA120296682A3FCF48E2BC620C20423026CFEB9C86D431C6E0FE28AFD0C14782B0FE5D40DAE04AE0B8D77B2964650A24297FA41DAF162EB8E0C53BAA91
                                                                          Malicious:false
                                                                          Preview:2024/09/04-16:16:02.688 20f0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db since it was missing..2024/09/04-16:16:02.821 20f0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:OpenPGP Secret Key
                                                                          Category:dropped
                                                                          Size (bytes):41
                                                                          Entropy (8bit):4.704993772857998
                                                                          Encrypted:false
                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                          Malicious:false
                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                          Category:dropped
                                                                          Size (bytes):12288
                                                                          Entropy (8bit):0.3202460253800455
                                                                          Encrypted:false
                                                                          SSDEEP:6:l9bNFlEuWk8TRH9MRumWEyE4gLueXdNOmWxFxCxmWxYgCxmW5y/mWz4ynLAtD/W4:TLiuWkMORuHEyESeXdwDQ3SOAtD/ie
                                                                          MD5:40B18EC43DB334E7B3F6295C7626F28D
                                                                          SHA1:0E46584B0E0A9703C6B2EC1D246F41E63AF2296F
                                                                          SHA-256:85E961767239E90A361FB6AA0A3FD9DAA57CAAF9E30599BB70124F1954B751C8
                                                                          SHA-512:8BDACDC4A9559E4273AD01407D5D411035EECD927385A51172F401558444AD29B5AD2DC5562D1101244665EBE86BBDDE072E75ECA050B051482005EB6A52CDBD
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                          Category:dropped
                                                                          Size (bytes):28672
                                                                          Entropy (8bit):0.46434561668882324
                                                                          Encrypted:false
                                                                          SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBNj9JBc:TouQq3qh7z3bY2LNW9WMcUvBfJBc
                                                                          MD5:8486C5022DEF654FC70C8E4106EA9361
                                                                          SHA1:131D9AAA273DAB57BB6AC2E43A63F26D9180344E
                                                                          SHA-256:987C3DECC27F3F971C162E3B659C6B947375ADDCF9E757054BC2E578AC544E48
                                                                          SHA-512:FFC8F18A85DF54D06014C82CDD93CBCF1C6FF8ED58A1C7CD2EEBF4B969B436C14DC37B67D92D7C00D8C7A541BDA083DC336E3EE35B1FDD8FE55547E5058A2AA7
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.01057775872642915
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsFl:/F
                                                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):270336
                                                                          Entropy (8bit):8.280239615765425E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                          MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                          SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                          SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                          SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.011852361981932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsHlDll:/H
                                                                          MD5:0962291D6D367570BEE5454721C17E11
                                                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.012340643231932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsGl3ll:/y
                                                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):262512
                                                                          Entropy (8bit):9.47693366977411E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:LsNl4FCT/l:Ls346
                                                                          MD5:7F8A5062C2DD15F476ACC576F8D70FB4
                                                                          SHA1:7ACF8759CE4B7552225E56223DD15F247A76FB14
                                                                          SHA-256:6E3D94DF839E6E2630D3427651F07ABE0AE06C74DBD2C043ADC6BC6A4548B1EE
                                                                          SHA-512:CE74E072223D703077FE16D2649B5BEFBFCB74A5EE8D8F741AEFA3DD8EFCCD3527129FA70C7A748D1BDCA75C6A2C60FF39D4EFD652E678488FB2ADD5C86FBA06
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):33
                                                                          Entropy (8bit):3.5394429593752084
                                                                          Encrypted:false
                                                                          SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                          MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                          SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                          SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                          SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                          Malicious:false
                                                                          Preview:...m.................DB_VERSION.1
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):305
                                                                          Entropy (8bit):5.222335074167595
                                                                          Encrypted:false
                                                                          SSDEEP:6:PU1BE81wkn23oH+TcwtnG2tbB2KLllU1ZWM+q2Pwkn23oH+TcwtnG2tMsIFUv:PvfYebn9VFLn0L+vYfYebn9GFUv
                                                                          MD5:455304E66633A1BCC58877BEBB74B8D6
                                                                          SHA1:3CCBEBB8D1A8101DB12824EAB4D5DAD4A2129108
                                                                          SHA-256:4BD820E98DB57306AE27474C43CDB1A2A8332F5433381C52BE1C4E616A98736E
                                                                          SHA-512:C6B4E5C17401E62500886F32BC35FA47F65AE18E8371EECF2F4FF3BB62ADDE7E620E2316019274F941B738BABCC18AD03233BDC118B39355A54D048D3FD18671
                                                                          Malicious:false
                                                                          Preview:2024/09/04-16:15:57.025 1d1c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db since it was missing..2024/09/04-16:15:57.793 1d1c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:OpenPGP Secret Key
                                                                          Category:dropped
                                                                          Size (bytes):41
                                                                          Entropy (8bit):4.704993772857998
                                                                          Encrypted:false
                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                          Malicious:false
                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 14, database pages 8, cookie 0xe, schema 4, UTF-8, version-valid-for 14
                                                                          Category:dropped
                                                                          Size (bytes):32768
                                                                          Entropy (8bit):0.494709561094235
                                                                          Encrypted:false
                                                                          SSDEEP:24:TLEC30OIcqIn2o0FUFlA2cs0US5S693Xlej2:ThLaJUnAg0UB6I
                                                                          MD5:CF7760533536E2AF66EA68BC3561B74D
                                                                          SHA1:E991DE2EA8F42AE7E0A96A3B3B8AF87A689C8CCD
                                                                          SHA-256:E1F183FAE5652BA52F5363A7E28BF62B53E7781314C9AB76B5708AF9918BE066
                                                                          SHA-512:38B15FE7503F6DFF9D39BC74AA0150A7FF038029F973BE9A37456CDE6807BCBDEAB06E624331C8DFDABE95A5973B0EE26A391DB2587E614A37ADD50046470162
                                                                          Malicious:false
                                                                          Preview:SQLite format 3......@ ..........................................................................j...i............t...c................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                          Category:dropped
                                                                          Size (bytes):20480
                                                                          Entropy (8bit):0.6131520489062693
                                                                          Encrypted:false
                                                                          SSDEEP:24:TLqpR+DDNzWjJ0npnyXKUO8+jSN7pINZ4mL:Te8D4jJ/6Up+GMh
                                                                          MD5:3A315A34E09D21D9D530B26E0A0D0C4F
                                                                          SHA1:4484F94A9F54E5449CDB27B998E2BF36712EBAF5
                                                                          SHA-256:25446613DED82EDE3FA62E0EE20649FEEA9168F89C29B2B67A26CC7C020AA20E
                                                                          SHA-512:448D2D57627170B7A707B8F5FE5C71400A6C439978441032D3C7F362ABE008EBAA736D237FF13EE13BFB33A65D7EB30C36280B93C4373050198B2A83D39C6079
                                                                          Malicious:false
                                                                          Preview:SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):375520
                                                                          Entropy (8bit):5.354120640530684
                                                                          Encrypted:false
                                                                          SSDEEP:6144:yA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:yFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                          MD5:C7AAE2424A0ECA0666A7F796532E2758
                                                                          SHA1:4E4BDEEB3F24F2FD7DA5EA6D6CFBBBE8D9971289
                                                                          SHA-256:6188842FE4AE212D4440B0E5D249A1CC86861FD9D7CBA4F7818C56CA5A150F1A
                                                                          SHA-512:A5B88C647BF30B5790064FDB455582F00C9C13BDBC50F977A3F6E6DEC7A31B6CFBCCE28737506741D80F7C7A9CF15049224F78343D6AF428CDF0124F7EBFDB8F
                                                                          Malicious:false
                                                                          Preview:...m.................DB_VERSION.1H.^.q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13369954563728074..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):309
                                                                          Entropy (8bit):5.157793470709794
                                                                          Encrypted:false
                                                                          SSDEEP:6:PUn1wkn23oH+Tcwtk2WwnvB2KLllUth3+q2Pwkn23oH+Tcwtk2WwnvIFUv:P5fYebkxwnvFLn8hOvYfYebkxwnQFUv
                                                                          MD5:A4A2116801072A05BE6BD70C5689170A
                                                                          SHA1:5C67E6519F78E79C5623125AEB722FDE124DE398
                                                                          SHA-256:6E1F3D2EF5F5F74D3D6600E8FE6B8266AE3ECAE5F9F5422B137D1BE9359E7AA5
                                                                          SHA-512:FBCF5F96443F99420E617BE32EB2CE9202996B1432F096EE24FBDFF47C5272BD808FAE40F9F8F9C905CE4718405AB3A932F6D7D88A6CE6E30394641AC6074049
                                                                          Malicious:false
                                                                          Preview:2024/09/04-16:16:02.806 2108 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/09/04-16:16:02.941 2108 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:OpenPGP Secret Key
                                                                          Category:dropped
                                                                          Size (bytes):41
                                                                          Entropy (8bit):4.704993772857998
                                                                          Encrypted:false
                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                          Malicious:false
                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:modified
                                                                          Size (bytes):358860
                                                                          Entropy (8bit):5.324619943098392
                                                                          Encrypted:false
                                                                          SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6R5:C1gAg1zfvR
                                                                          MD5:B48D7AC9840739EC9BFC5F66B015A2FF
                                                                          SHA1:1CD2797E4370E09F48DCBDF440482DBE44790FCB
                                                                          SHA-256:C1861A4BFCCBD10AE2EA256439ACEEE2704C3C00BBA2BBDAD15DD1421D51D4E3
                                                                          SHA-512:996E5AD3479308A3A04082ACEAA64D9F9139D4C3C3E0451895DBBD4E07A76D27F896E6D9974E2371CC727126D2501992A3A3731066CA9A5E484A8A420A276E85
                                                                          Malicious:false
                                                                          Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):209
                                                                          Entropy (8bit):1.8784775129881184
                                                                          Encrypted:false
                                                                          SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                                                                          MD5:478D49D9CCB25AC14589F834EA70FB9E
                                                                          SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                                                                          SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                                                                          SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                                                                          Malicious:false
                                                                          Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):281
                                                                          Entropy (8bit):5.203325585324531
                                                                          Encrypted:false
                                                                          SSDEEP:6:PU1EoM1wkn23oH+Tcwt8aVdg2KLllU1rBXVq2Pwkn23oH+Tcwt8aPrqIFUv:PporfYeb0LnuTvYfYebL3FUv
                                                                          MD5:D5A46A476E14A0EAF70CAC98EB13619C
                                                                          SHA1:AC0603066451CCDC925D3BA5E2600125AFBA6245
                                                                          SHA-256:525F42F46F051C0822D79B065211252480F4C265ABF3CF24C7628BF850129B3C
                                                                          SHA-512:3BB56062862A141E848E3D9F405184E7DBBFFADA2C82A334990C138D065F04A0CCD4ABA6C364C9E828C8E62E885A3BB3152099ADE7AE4EB71FBBF78E9A4F1858
                                                                          Malicious:false
                                                                          Preview:2024/09/04-16:15:57.115 1d34 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules since it was missing..2024/09/04-16:15:57.225 1d34 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:OpenPGP Secret Key
                                                                          Category:dropped
                                                                          Size (bytes):41
                                                                          Entropy (8bit):4.704993772857998
                                                                          Encrypted:false
                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                          Malicious:false
                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):209
                                                                          Entropy (8bit):1.8784775129881184
                                                                          Encrypted:false
                                                                          SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                                                                          MD5:478D49D9CCB25AC14589F834EA70FB9E
                                                                          SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                                                                          SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                                                                          SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                                                                          Malicious:false
                                                                          Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):285
                                                                          Entropy (8bit):5.196102483682933
                                                                          Encrypted:false
                                                                          SSDEEP:6:PU18YhM1wkn23oH+Tcwt86FB2KLllU1b5Vq2Pwkn23oH+Tcwt865IFUv:PBGrfYeb/FFLnyvYfYeb/WFUv
                                                                          MD5:2CF43279393436BB989E6AEB0FED5ED0
                                                                          SHA1:D818F44D6BF10E2175712306E89877822F9607EA
                                                                          SHA-256:F1E25913243AB684C5FD96A9384BA80ED3D1DE52982210E8D03365513E29D96B
                                                                          SHA-512:CE117781C70CA2703B948D64EA076728A36B2388D3B1895390F859B9BC6C5C822C6D3DF40AA336B8AFF036CBEFC5AE38159C97CB89105D3381F7AA8E239151E1
                                                                          Malicious:false
                                                                          Preview:2024/09/04-16:15:57.250 1d34 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts since it was missing..2024/09/04-16:15:57.294 1d34 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:OpenPGP Secret Key
                                                                          Category:dropped
                                                                          Size (bytes):41
                                                                          Entropy (8bit):4.704993772857998
                                                                          Encrypted:false
                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                          Malicious:false
                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):1197
                                                                          Entropy (8bit):1.8784775129881184
                                                                          Encrypted:false
                                                                          SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
                                                                          MD5:A2A3B1383E3AAC2430F44FC7BF3E447E
                                                                          SHA1:B807210A1205126A107A5FE25F070D2879407AA4
                                                                          SHA-256:90685D4E050DA5B6E6F7A42A1EE21264A68F1734FD3BD4A0E044BB53791020A2
                                                                          SHA-512:396FAB9625A2FF396222DBC86A0E2CDE724C83F3130EE099F2872AED2F2F2ECE13B0853D635F589B70BD1B5E586C05A3231D68CAF9E46B6E2DAC105A10D0A1C8
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):322
                                                                          Entropy (8bit):5.231358063170151
                                                                          Encrypted:false
                                                                          SSDEEP:6:PUg59+q2Pwkn23oH+Tcwt8NIFUt82Ug5JZmw+2Ug59VkwOwkn23oH+Tcwt8+eLJ:PSvYfYebpFUt82b/+2x5JfYebqJ
                                                                          MD5:09B4C294838E4581587100FCE9B66D31
                                                                          SHA1:C2133DC1B58E6E848B83E4A03584C9B720365B4C
                                                                          SHA-256:6D5CAAE7DFA44D7BE29F1382831BB5B02ED06559A66200D0A1FE7B67C239223B
                                                                          SHA-512:94923C24788E36B8B0029C6D7401771C515F92BBF1F30B36269CE68873F61C3A4E2891BAF633DABE371959EDF1F84B81C4CB5E4ED18F050FC24BA044CF77564E
                                                                          Malicious:false
                                                                          Preview:2024/09/04-16:15:58.383 1cd8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/09/04-16:15:58.383 1cd8 Recovering log #3.2024/09/04-16:15:58.383 1cd8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):322
                                                                          Entropy (8bit):5.231358063170151
                                                                          Encrypted:false
                                                                          SSDEEP:6:PUg59+q2Pwkn23oH+Tcwt8NIFUt82Ug5JZmw+2Ug59VkwOwkn23oH+Tcwt8+eLJ:PSvYfYebpFUt82b/+2x5JfYebqJ
                                                                          MD5:09B4C294838E4581587100FCE9B66D31
                                                                          SHA1:C2133DC1B58E6E848B83E4A03584C9B720365B4C
                                                                          SHA-256:6D5CAAE7DFA44D7BE29F1382831BB5B02ED06559A66200D0A1FE7B67C239223B
                                                                          SHA-512:94923C24788E36B8B0029C6D7401771C515F92BBF1F30B36269CE68873F61C3A4E2891BAF633DABE371959EDF1F84B81C4CB5E4ED18F050FC24BA044CF77564E
                                                                          Malicious:false
                                                                          Preview:2024/09/04-16:15:58.383 1cd8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/09/04-16:15:58.383 1cd8 Recovering log #3.2024/09/04-16:15:58.383 1cd8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 1, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                          Category:dropped
                                                                          Size (bytes):4096
                                                                          Entropy (8bit):0.3169096321222068
                                                                          Encrypted:false
                                                                          SSDEEP:3:lSWbNFl/sl+ltl4ltllOl83/XWEEabIDWzdWuAzTgdWj3FtFIU:l9bNFlEs1ok8fDEPDadUTgd81Z
                                                                          MD5:2554AD7847B0D04963FDAE908DB81074
                                                                          SHA1:F84ABD8D05D7B0DFB693485614ECF5204989B74A
                                                                          SHA-256:F6EF01E679B9096A7D8A0BD8151422543B51E65142119A9F3271F25F966E6C42
                                                                          SHA-512:13009172518387D77A67BBF86719527077BE9534D90CB06E7F34E1CCE7C40B49A185D892EE859A8BAFB69D5EBB6D667831A0FAFBA28AC1F44570C8B68F8C90A4
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 8, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                          Category:dropped
                                                                          Size (bytes):32768
                                                                          Entropy (8bit):0.40981274649195937
                                                                          Encrypted:false
                                                                          SSDEEP:24:TL1WK3iOvwxwwweePKmJIOAdQBVA/kjo/TJZwJ9OV3WOT/5eQQ:Tmm+/9ZW943WOT/
                                                                          MD5:1A7F642FD4F71A656BE75B26B2D9ED79
                                                                          SHA1:51BBF587FB0CCC2D726DDB95C96757CC2854CFAD
                                                                          SHA-256:B96B6DDC10C29496069E16089DB0AB6911D7C13B82791868D583897C6D317977
                                                                          SHA-512:FD14EADCF5F7AB271BE6D8EF682977D1A0B5199A142E4AB353614F2F96AE9B49A6F35A19CC237489F297141994A4A16B580F88FAC44486FCB22C05B2F1C3F7D1
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):429
                                                                          Entropy (8bit):5.809210454117189
                                                                          Encrypted:false
                                                                          SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                          MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                          SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                          SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                          SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                          Malicious:false
                                                                          Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                          Category:dropped
                                                                          Size (bytes):20480
                                                                          Entropy (8bit):2.4439808359419284
                                                                          Encrypted:false
                                                                          SSDEEP:96:0BCymIzA9M4elS9nsH4/AztcUuuoKwqAeR:mNm2A+QsHXzCUPo1qA4
                                                                          MD5:F56216C272E54CA413D0E121FE25E0A9
                                                                          SHA1:42F3D5433A8120A04A444AE6E570C9BD15415893
                                                                          SHA-256:C9446FE03D0E7EEA9468F49E5BF9D947E12941A158171BDEA38F414E5D2EA1E0
                                                                          SHA-512:0EAA220ED5CD647B3AA267938C46A7C60C3D6C0DD63D4D3044E7872B128DEA2366744CAABBD3CF4FD4A7648D47ABD1A58DC50FEC78678235DAEC1C4EE6BFA3C0
                                                                          Malicious:false
                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, 1st free page 10, free pages 4, cookie 0x45, schema 4, UTF-8, version-valid-for 4
                                                                          Category:dropped
                                                                          Size (bytes):159744
                                                                          Entropy (8bit):0.6459940892486459
                                                                          Encrypted:false
                                                                          SSDEEP:96:ZNAgseMU+bGzPDLjGQLBE3up+U0jBo4tgi3JMe9xJDECVjNCWD2DKA1:bA3U+GPXBBE3upb0HtTTDxVj3D2DKA
                                                                          MD5:093D2385EB48CB4C1864A2A8C38B89F6
                                                                          SHA1:39A28108163BB582D39C7688CB76E37E6448B070
                                                                          SHA-256:019B3F4A5CF06FCE602485DFD1ADB23CEF1FB9C9689E3F72249004BADC0E0F84
                                                                          SHA-512:FB84FF2B4089B2259906254F262E17FB57E735FCEB02268E2EDAD907B514AFD90B3025117F13ECF817BBD4D5FF41DAB38705C764DFDB44A03FFB4E0E9D1227F2
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8720
                                                                          Entropy (8bit):0.32872990409968056
                                                                          Encrypted:false
                                                                          SSDEEP:6:RlMA/J3+t76Y4QZZofU99pO0BYsaqR4EZY4QZvGtB:DdhHQws9LdJhBQZGtB
                                                                          MD5:B1A9909D39CA46981E21C9116EE797D9
                                                                          SHA1:65F0B8000B4D8FE5DC3181AF68E74993724C9994
                                                                          SHA-256:555B57AE92F39CC094AA0AABEDB7C76B1F1B58DBB00475EB26173AC96BA9681F
                                                                          SHA-512:7DE39F8BEC9C1ED7EB94247DD6A508908850E8C911A147A986B506A864FAC385653C0CBD966A282B7B62C0D0A5B5613CF5180B9D2E1EF753DB5772964AC02D82
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):115717
                                                                          Entropy (8bit):5.183660917461099
                                                                          Encrypted:false
                                                                          SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                          MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                          SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                          SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                          SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                          Malicious:false
                                                                          Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                          Category:dropped
                                                                          Size (bytes):45056
                                                                          Entropy (8bit):3.548919977198739
                                                                          Encrypted:false
                                                                          SSDEEP:384:zj9P0cvEQkQer0cgP/KbtZ773pLyhkCgam6IWRKToaAu:zdHse23gP/w7s+FmRKcC
                                                                          MD5:882E94A41F72546ABE8D4B143A427756
                                                                          SHA1:52970582B9CC7F4D19D79ED18D856993C6DEE75C
                                                                          SHA-256:B1D3FC1F00AFB42D71D6B0CC7D5942E6842F2A2544D561B94067D3192B724017
                                                                          SHA-512:B63D346E1DD91863DC96DAD1365241053D19FBA2B1DCBF431B35540D419F6FADD378AD4B91094C5FEAB46F792FC3F2522EEC03B5DBDA77804BAAA2338BF312AE
                                                                          Malicious:false
                                                                          Preview:SQLite format 3......@
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):406
                                                                          Entropy (8bit):5.32249482409091
                                                                          Encrypted:false
                                                                          SSDEEP:12:PKmvYfYeb8rcHEZrELFUt82Kf/+2K25JfYeb8rcHEZrEZSJ:CkYfYeb8nZrExg8zagJfYeb8nZrEZe
                                                                          MD5:092DF3106E17F4AB1DDF6B90D9281D7B
                                                                          SHA1:BD6BC35B3AB5CB07542FB73C5E2DCF9207C1B6A4
                                                                          SHA-256:011EE60694ED10455D1CA72D414F6AB47FE41FC1E02EEF0E6172FDB87E6E0675
                                                                          SHA-512:7D1ADE0BD8EBF9D99295F210E06676B7FB67F37F5407B7D9F3478F69A43CD6976479492B55B10FA7013D53BE6CDFAB8BD15300EA88928F5C62FAE6A1585B2B2B
                                                                          Malicious:false
                                                                          Preview:2024/09/04-16:15:59.237 1cd8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/09/04-16:15:59.237 1cd8 Recovering log #3.2024/09/04-16:15:59.238 1cd8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):406
                                                                          Entropy (8bit):5.32249482409091
                                                                          Encrypted:false
                                                                          SSDEEP:12:PKmvYfYeb8rcHEZrELFUt82Kf/+2K25JfYeb8rcHEZrEZSJ:CkYfYeb8nZrExg8zagJfYeb8nZrEZe
                                                                          MD5:092DF3106E17F4AB1DDF6B90D9281D7B
                                                                          SHA1:BD6BC35B3AB5CB07542FB73C5E2DCF9207C1B6A4
                                                                          SHA-256:011EE60694ED10455D1CA72D414F6AB47FE41FC1E02EEF0E6172FDB87E6E0675
                                                                          SHA-512:7D1ADE0BD8EBF9D99295F210E06676B7FB67F37F5407B7D9F3478F69A43CD6976479492B55B10FA7013D53BE6CDFAB8BD15300EA88928F5C62FAE6A1585B2B2B
                                                                          Malicious:false
                                                                          Preview:2024/09/04-16:15:59.237 1cd8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/09/04-16:15:59.237 1cd8 Recovering log #3.2024/09/04-16:15:59.238 1cd8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):334
                                                                          Entropy (8bit):5.19594339562877
                                                                          Encrypted:false
                                                                          SSDEEP:6:PUgoUhSDM+q2Pwkn23oH+Tcwt8a2jMGIFUt82UgcgZmw+2UgTDMVkwOwkn23oH+k:PvSDM+vYfYeb8EFUt82Ug/+27DMV5Jfo
                                                                          MD5:F601ACD04BB66923E6DD7E082DE80867
                                                                          SHA1:0C20AB88CAE2DCCFB86924ADD51E7F45955F98CB
                                                                          SHA-256:320FCFE839A91C2B149A2839E513B97F49E5E5FD176D5D8F9E3E632480A34E4B
                                                                          SHA-512:2DBC3C9D91A72C9E16321B5CFFCBBD1AD762E7329701EF2016CD387705A8A61B3B2BD21B38F51DE24336500E9EAF3B5B7D4EE95A951624319D2896DC70A463C9
                                                                          Malicious:false
                                                                          Preview:2024/09/04-16:15:58.489 1e6c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/09/04-16:15:58.490 1e6c Recovering log #3.2024/09/04-16:15:58.501 1e6c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):334
                                                                          Entropy (8bit):5.19594339562877
                                                                          Encrypted:false
                                                                          SSDEEP:6:PUgoUhSDM+q2Pwkn23oH+Tcwt8a2jMGIFUt82UgcgZmw+2UgTDMVkwOwkn23oH+k:PvSDM+vYfYeb8EFUt82Ug/+27DMV5Jfo
                                                                          MD5:F601ACD04BB66923E6DD7E082DE80867
                                                                          SHA1:0C20AB88CAE2DCCFB86924ADD51E7F45955F98CB
                                                                          SHA-256:320FCFE839A91C2B149A2839E513B97F49E5E5FD176D5D8F9E3E632480A34E4B
                                                                          SHA-512:2DBC3C9D91A72C9E16321B5CFFCBBD1AD762E7329701EF2016CD387705A8A61B3B2BD21B38F51DE24336500E9EAF3B5B7D4EE95A951624319D2896DC70A463C9
                                                                          Malicious:false
                                                                          Preview:2024/09/04-16:15:58.489 1e6c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/09/04-16:15:58.490 1e6c Recovering log #3.2024/09/04-16:15:58.501 1e6c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 28, cookie 0x1d, schema 4, UTF-8, version-valid-for 2
                                                                          Category:dropped
                                                                          Size (bytes):57344
                                                                          Entropy (8bit):0.863060653641558
                                                                          Encrypted:false
                                                                          SSDEEP:96:u7/KLPeymOT7ynlm+yKwt7izhGnvgbn8MouB6wznP:u74CnlmVizhGE7IwD
                                                                          MD5:C681C90B3AAD7F7E4AF8664DE16971DF
                                                                          SHA1:9F72588CEA6569261291B19E06043A1EFC3653BC
                                                                          SHA-256:ADB987BF641B2531991B8DE5B10244C3FE1ACFA7AD7A61A65D2E2D8E7AB34C1D
                                                                          SHA-512:4696BF334961E4C9757BAC40C41B4FBE3E0B9F821BD242CE6967B347053787BE54D1270D7166745126AFA42E8193AC2E695B0D8F11DE8F0B2876628B7C128942
                                                                          Malicious:false
                                                                          Preview:SQLite format 3......@
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                          Category:dropped
                                                                          Size (bytes):45056
                                                                          Entropy (8bit):0.40293591932113104
                                                                          Encrypted:false
                                                                          SSDEEP:24:TLVgTjDk5Yk8k+/kCkzD3zzbLGfIzLihje90xq/WMFFfeFzfXVVlYWOT/CUFSe:Tmo9n+8dv/qALihje9kqL42WOT/9F
                                                                          MD5:ADC0CFB8A1A20DE2C4AB738B413CBEA4
                                                                          SHA1:238EF489E5FDC6EBB36F09D415FB353350E7097B
                                                                          SHA-256:7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
                                                                          SHA-512:38C8B7293B8F7BEF03299BAFB981EEEE309945B1BDE26ACDAD6FDD63247C21CA04D493A1DDAFC3B9A1904EFED998E9C7C0C8E98506FD4AC0AB252DFF34566B66
                                                                          Malicious:false
                                                                          Preview:SQLite format 3......@
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):355
                                                                          Entropy (8bit):5.470906295826531
                                                                          Encrypted:false
                                                                          SSDEEP:6:YWyWN1iL50xHA9vh8wXwlmUUAnIMp5sXQclbEDNRlBv31dB8wXwlmUUAnIMp5uVu:YWyX5Sg9vt+UAnIQclKBR7N+UAnIVG4Q
                                                                          MD5:47774C47869C94A5345DC25903BF338A
                                                                          SHA1:2B2F660ABFD47060358B06ED2760205FBE244850
                                                                          SHA-256:73044F35AA8328042AC1C66A210FDC8AFC820C4EA0B8FCF2B204DFEE0106E158
                                                                          SHA-512:F1BC7468DC01E7C864863AA64A9CE7D8542E506CFCB58E10E3E1BB9A6841080F4B807B23F89323AB52287B361DBBC034F7BDC72450C9049DD8F162F95D7DCE09
                                                                          Malicious:false
                                                                          Preview:{"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702},{"expiry":1757017029.489033,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725481029.489037}],"version":2}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 9
                                                                          Category:dropped
                                                                          Size (bytes):20480
                                                                          Entropy (8bit):1.0833687987492744
                                                                          Encrypted:false
                                                                          SSDEEP:48:T2dKLopF+SawLUO1Xj8B9tthctNBuHrsYAJAH8UOFyPr:ige+Au9tT8ur
                                                                          MD5:47E124BF9EF14F3839C19D28E2679805
                                                                          SHA1:B05210991819E8744B193CAC86BF41958284BB34
                                                                          SHA-256:A0109A19779C00F8D8905B42AFF96A7A4031F077217E227411D92E26DE84F035
                                                                          SHA-512:D2A51D3F8D8691686D447DBB65006D7FBB9E842A47E56E0D315144CABB781C5E8E20B3F12DEC74750BB78DE5B55B288697543BD49277BDF6E8225520986BE2C7
                                                                          Malicious:false
                                                                          Preview:SQLite format 3......@
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):61
                                                                          Entropy (8bit):3.926136109079379
                                                                          Encrypted:false
                                                                          SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                          MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                          SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                          SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                          SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):61
                                                                          Entropy (8bit):3.926136109079379
                                                                          Encrypted:false
                                                                          SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                          MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                          SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                          SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                          SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):61
                                                                          Entropy (8bit):3.926136109079379
                                                                          Encrypted:false
                                                                          SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                          MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                          SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                          SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                          SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                          Category:dropped
                                                                          Size (bytes):36864
                                                                          Entropy (8bit):1.3306821643319466
                                                                          Encrypted:false
                                                                          SSDEEP:96:uIEumQv8m1ccnvS6vBDo2dQF2YQ9UZc11UNjfRVkI:uIEumQv8m1ccnvS6K282rUZYGNrd
                                                                          MD5:250F51FEB4268E7E07DC78A86358AC2B
                                                                          SHA1:D1C81297D98B411E7EA7DAECFF2880DA8B575C31
                                                                          SHA-256:E82884C5FD0AA964B6555B4675CD82E8864A17F8903E619EC017306635E1279B
                                                                          SHA-512:74CF16642DF84EF5E2387BA1B666B3EC5A4B8B01927F4F61166E6EA2E7D1433D5904C619310E0265C237F7B518CA0B415569DC0A7276F8835173E6A1E2016021
                                                                          Malicious:false
                                                                          Preview:SQLite format 3
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):40
                                                                          Entropy (8bit):4.1275671571169275
                                                                          Encrypted:false
                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                          Malicious:false
                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):203
                                                                          Entropy (8bit):5.4042796420747425
                                                                          Encrypted:false
                                                                          SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                                          MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                                          SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                                          SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                                          SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                                          Malicious:false
                                                                          Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):203
                                                                          Entropy (8bit):5.4042796420747425
                                                                          Encrypted:false
                                                                          SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                                          MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                                          SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                                          SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                                          SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                                          Malicious:false
                                                                          Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):203
                                                                          Entropy (8bit):5.4042796420747425
                                                                          Encrypted:false
                                                                          SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                                          MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                                          SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                                          SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                                          SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                                          Malicious:false
                                                                          Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                          Category:dropped
                                                                          Size (bytes):36864
                                                                          Entropy (8bit):0.36515621748816035
                                                                          Encrypted:false
                                                                          SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                          MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                          SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                          SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                          SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                          Malicious:false
                                                                          Preview:SQLite format 3
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2271
                                                                          Entropy (8bit):5.27229583153213
                                                                          Encrypted:false
                                                                          SSDEEP:48:YXsy8sceCfcdsbgs7XwC5su1rs2gnsUr+Hps6Ys1+HJCbZ:qweCPjw2PAr4BV4I1
                                                                          MD5:1D180E060AC5B08562A7B1FDF7D63532
                                                                          SHA1:B71A1798D05508BE17494076D1EB976EDE2AD655
                                                                          SHA-256:522BE0F85EA23D63DDE8C8F030257DE369A1632A6F8B000671A297C5B5893B0D
                                                                          SHA-512:B9CBA69B84AAB2F0B02789BFB33492DD7267D4A4937549092F034103BD6CE73FB5AC2E0A731F0C3FAAD00807A2B3196C6CC5D0AA9957FD3A6EB7B92D492AB219
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372546560468215","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372546561589377","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372546562802421","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://fonts.gstatic.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13370048163830111","port":443,"protocol_str":"quic"}],"anonymization":["FAAAABAAAABodHRwczovL2JpbmcuY29t",false],"server":"https://www.bing.com"},{"alternative_service":[{"advertised_alpn
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):111
                                                                          Entropy (8bit):4.718418993774295
                                                                          Encrypted:false
                                                                          SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                          MD5:285252A2F6327D41EAB203DC2F402C67
                                                                          SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                          SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                          SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):355
                                                                          Entropy (8bit):5.481110546496821
                                                                          Encrypted:false
                                                                          SSDEEP:6:YWyWN1iL50xHA9vh8wXwlmUUAnIMp5sXQclp1Bv31dB8wXwlmUUAnIMp5svSQ:YWyX5Sg9vt+UAnIQclp1R7N+UAnIpKQ
                                                                          MD5:6FF7AE49BF652B07E8520FDAC28FBBB0
                                                                          SHA1:67ECD0F2C6E2297FC9A095729C37D66F9BB732F5
                                                                          SHA-256:F7E332DFAEE01AD646E6AE2DE19806415AE2977433FF44E85C5244F139E88EB7
                                                                          SHA-512:29C72809D4025C203A6581F9A57D0D6633F1CC844FDD45D3BBFB8F230ADB7505AE5FBB9785462FB6FEFC0EC3A9DE4E573D038470CEEC161C77FB7FFBE60CA52C
                                                                          Malicious:false
                                                                          Preview:{"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702},{"expiry":1757016968.632309,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725480968.632314}],"version":2}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):40
                                                                          Entropy (8bit):4.1275671571169275
                                                                          Encrypted:false
                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                          Malicious:false
                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                          Category:dropped
                                                                          Size (bytes):20480
                                                                          Entropy (8bit):0.5744102022039023
                                                                          Encrypted:false
                                                                          SSDEEP:12:TL1QAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isCHIrdNG7fdjxHIXOFSY:TLiOUOq0afDdWec9sJKG7zo7J5fc
                                                                          MD5:8B7CCBAE5FB8F1D3FDB331AED0833FB0
                                                                          SHA1:7924CE8D7CF818F1132F1C8A047FBEEF13F18877
                                                                          SHA-256:8029C4EAA75734867C5970AB41422A7F551EBFDF65E152C09F8A4038B17080C8
                                                                          SHA-512:23B07F98E037ECC9BAAB37EA93264503B936CA180F4873D19944D186F3529926CBDC7A0962E7A51EADC8CEB2CA85D94BFC3C431D0068B8320C45BF24C0DDB163
                                                                          Malicious:false
                                                                          Preview:SQLite format 3
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):12266
                                                                          Entropy (8bit):5.0750615829557795
                                                                          Encrypted:false
                                                                          SSDEEP:192:sVNJ9pQTryZigaba4uyeJ7aaYr3I8bpj+FzyQAgovFOj1f:sVNLA3uVJ7ajpUuQwkx
                                                                          MD5:DD74C4339E68A7DEDA289E8F933B9F48
                                                                          SHA1:D3572730BEB3FCF78F5D7C03013B63FED06D04C9
                                                                          SHA-256:2982C430618C54ACE39AA8A15557C12D3A6357B7CA41F7C440A297BE22CB5ECE
                                                                          SHA-512:B110305848A74B648652A51D1F6FC070C8810A75D0950084B6E1B53A0028DF999519B54ECA3E6D397EDD049799B91ECC3EC3F4DA067935417D5EAFC99C273B01
                                                                          Malicious:false
                                                                          Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369954558157420","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):12266
                                                                          Entropy (8bit):5.0750615829557795
                                                                          Encrypted:false
                                                                          SSDEEP:192:sVNJ9pQTryZigaba4uyeJ7aaYr3I8bpj+FzyQAgovFOj1f:sVNLA3uVJ7ajpUuQwkx
                                                                          MD5:DD74C4339E68A7DEDA289E8F933B9F48
                                                                          SHA1:D3572730BEB3FCF78F5D7C03013B63FED06D04C9
                                                                          SHA-256:2982C430618C54ACE39AA8A15557C12D3A6357B7CA41F7C440A297BE22CB5ECE
                                                                          SHA-512:B110305848A74B648652A51D1F6FC070C8810A75D0950084B6E1B53A0028DF999519B54ECA3E6D397EDD049799B91ECC3EC3F4DA067935417D5EAFC99C273B01
                                                                          Malicious:false
                                                                          Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369954558157420","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):33
                                                                          Entropy (8bit):4.051821770808046
                                                                          Encrypted:false
                                                                          SSDEEP:3:YVXADAEvTLSJ:Y9AcEvHSJ
                                                                          MD5:2B432FEF211C69C745ACA86DE4F8E4AB
                                                                          SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
                                                                          SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
                                                                          SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
                                                                          Malicious:false
                                                                          Preview:{"preferred_apps":[],"version":1}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):34462
                                                                          Entropy (8bit):5.558666995626419
                                                                          Encrypted:false
                                                                          SSDEEP:768:9KncFxWP91ftK8F1+UoAYDCx9Tuqh0VfUC9xbog/OVde9KprwsltDdKpMtuB:9KncFxWP91ftKu1jaIsKasl7VtS
                                                                          MD5:049A6AFB79B85E9C6017B8B75E159771
                                                                          SHA1:E96E8E12F82FE8D825A40A55A900B2E2FED221A1
                                                                          SHA-256:C13AA3285C9A428C31EAA10953E842FBEB4762AC6395240332A651E6A59FD881
                                                                          SHA-512:DB513192E87F780082C3B3001BE4FAA35779FEA4F08E5DD80373C1ECF52B3CA40E169D39A3D596D0F70D0B3E945C3EF203B92E203D04136D4B11A8F80C994F2F
                                                                          Malicious:false
                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369954556923749","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369954556923749","location":5,"ma
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):364
                                                                          Entropy (8bit):4.005048317675882
                                                                          Encrypted:false
                                                                          SSDEEP:6:S85aEFljljljljljljlmlaDRZqSVjw+CA5EEE:S+a8ljljljljljljlmURZqwE+CA
                                                                          MD5:F4E245FCB0D8319CAF7F6B6051204564
                                                                          SHA1:080AA6D54C27D5FA6D5DE6CD4943C52CF8551985
                                                                          SHA-256:B0CD76B875530C51369457A29E594A019AE287BFAE07C8982F80CB1579FEAB23
                                                                          SHA-512:FCD449340B8741E633F390D89D29390B4CF96D545A0FED7891F9F63502D4AAD6C2E76268ED042121A7D2E9B20788FBF9FEB065868FB41FF88F4B8CE40927829E
                                                                          Malicious:false
                                                                          Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f...............P..j................next-map-id.1.Knamespace-efe6a79a_eefc_493e_9b7c_54fefc815538-https://accounts.google.com/.0V.e................V.e................V.e................V.e................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):322
                                                                          Entropy (8bit):5.171620519880814
                                                                          Encrypted:false
                                                                          SSDEEP:6:PUgCTpDM+q2Pwkn23oH+TcwtrQMxIFUt82UgJgZmw+2UgUDMVkwOwkn23oH+TcwJ:PIpDM+vYfYebCFUt82xg/+28DMV5JfYM
                                                                          MD5:EEF389376E39347FBE58F4B638244812
                                                                          SHA1:C426C70E39BCB4F1C37464FDC591A1C4FED4ED3D
                                                                          SHA-256:410E6B453660DFDA46091C87727213AC43367F8C7555A46D2B8263F2CC97B9D4
                                                                          SHA-512:AB400F57B507CBFC7418D522538E6C026F338E69C00D8B710F74ADA3752F6B09A473790FF734B65C5F07FA25E6F5D5C8D1C63535B6C3F39AD04FE294295C42EF
                                                                          Malicious:false
                                                                          Preview:2024/09/04-16:15:58.449 1e6c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/09/04-16:15:58.451 1e6c Recovering log #3.2024/09/04-16:15:58.454 1e6c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):9232
                                                                          Entropy (8bit):4.041470924360195
                                                                          Encrypted:false
                                                                          SSDEEP:192:3pTKAp3PHDWl7AO3PHDWlhAY3PHDWlqAMeN/O3PHDWlqA:5Byls+ylS4ylLKylqA
                                                                          MD5:D44A54B4096E49BE094E4C329389972C
                                                                          SHA1:54BF313F82EC79450C8EBB64C801E7C8FC279188
                                                                          SHA-256:22E9EAAB8A5B736D55EDE7E0920E0E6C3E02C98F46661304F615D550E03018B2
                                                                          SHA-512:6FB5F43C0B5E4E5DDDCBFFC6F39EC5244E5F8C2FFC1514CFC1B81592AB4584BDCB561ED4E530737B509BE0FCF428F41614696A47B5FFC82820FB36AB31D2510A
                                                                          Malicious:false
                                                                          Preview:SNSS..........J..............J......"...J..............J..........J..........J..........J....!.....J..................................J...J1..,......J$...efe6a79a_eefc_493e_9b7c_54fefc815538......J..........J..................J......J..........................J.......................5..0......J&...{1A5CCF63-1000-409F-B5C1-AFEC7F75D4D9}........J..........J..........................J..............J....=...https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd&ifkv=Ab5oB3rXRTAcHDwC6mpmFlDNy3rcSHufqf8JyZusqtl8HPttC2Uu8n9HW5QO5AO_bQiAC9lAlbIu&service=accountsettings&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1038209812%3A1725480962176526&ddm=0...............!........................................................................................................v..P!...v..P!..P.......h...............`...........................................................=...h.t.t.p.s.:././.a.c.c.o.u.n.t.s...g.o.o.g.l.e...c.o.m
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                          Category:dropped
                                                                          Size (bytes):20480
                                                                          Entropy (8bit):0.44194574462308833
                                                                          Encrypted:false
                                                                          SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                          MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                          SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                          SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                          SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                          Malicious:false
                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):350
                                                                          Entropy (8bit):5.1783107083635
                                                                          Encrypted:false
                                                                          SSDEEP:6:PUyuGlWM+q2Pwkn23oH+Tcwt7Uh2ghZIFUt82U1Dyo1Zmw+2U1DTuBtlWMVkwOw8:PxuqL+vYfYebIhHh2FUt82yym/+2yTGU
                                                                          MD5:CC7303F9C523550EF31085CCC591779F
                                                                          SHA1:145F3FDB8119147080E58E8F8932D471E5FAA93C
                                                                          SHA-256:552D2D519C1C6A2584F1F62D83ED06CAA5383692898F47C29EF3D863644746E0
                                                                          SHA-512:F685BEE75096776F5DAB65FDE1B7110F5C40F7579782CA2393B755DB86E14B71BCF2792BB4BFAFD8F25467EF81DCEDCE833EB2F5F09665E468836AAF57446429
                                                                          Malicious:false
                                                                          Preview:2024/09/04-16:15:56.999 1d1c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/09/04-16:15:57.003 1d1c Recovering log #3.2024/09/04-16:15:57.006 1d1c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.01057775872642915
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsFl:/F
                                                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):270336
                                                                          Entropy (8bit):8.280239615765425E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                          MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                          SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                          SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                          SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.011852361981932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsHlDll:/H
                                                                          MD5:0962291D6D367570BEE5454721C17E11
                                                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.012340643231932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsGl3ll:/y
                                                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):524656
                                                                          Entropy (8bit):5.027445846313988E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:LsulT5aall:Lsc/
                                                                          MD5:A23E7351102CD86309281D09C6DE6A01
                                                                          SHA1:8ACF7710DEF10A374451F0D799050C3F1DD09756
                                                                          SHA-256:BE166C1A67BEB412310F5C8E88326BEF5E60331B387ABB5405FB9084140CE625
                                                                          SHA-512:C88B49884BB13D58A6F80D4332BDD75AEA0B95277FECC1ED51306A503768EAB752373DFCCAE4764A21B16F6AE57D4C32DD7D8181DCD62E04AE8C584216F91542
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.01057775872642915
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsFl:/F
                                                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):270336
                                                                          Entropy (8bit):0.0012471779557650352
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                          MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                          SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                          SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                          SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.011852361981932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsHlDll:/H
                                                                          MD5:0962291D6D367570BEE5454721C17E11
                                                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.012340643231932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsGl3ll:/y
                                                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):262512
                                                                          Entropy (8bit):9.47693366977411E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:LsNlSpll:Ls3E/
                                                                          MD5:99C7AD5D0DE14565BDF3A0CAD774C963
                                                                          SHA1:CE18E9C460A59D8F9374D2E946E1A4B7F913C684
                                                                          SHA-256:ED5119297ADE3AEBB94752D34318D46BAC3A5091B8C981A082367074E5566E97
                                                                          SHA-512:4B70EDD45F9A5705D46F46B19673446F7FB26A7B3247B6EBFAB6E9FE06D44FE9E9B43D60194E428C3B0F4EF0BB2420FE7A969724CBB5D34A3557656B3522BB63
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):270336
                                                                          Entropy (8bit):0.0012471779557650352
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                          MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                          SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                          SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                          SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):432
                                                                          Entropy (8bit):5.2749859015752545
                                                                          Encrypted:false
                                                                          SSDEEP:12:PLDM+vYfYebvqBQFUt82+g/+2zDMV5JfYebvqBvJ:9YfYebvZg8ZJfYebvk
                                                                          MD5:10A05845318BACCB1FBA497BDB5AC0E9
                                                                          SHA1:1D7F780F2FF9F7DAD3E64D68CF564247354D48FF
                                                                          SHA-256:D4023D9406913F124FBC9AD58EE6D680AEACB0D3A4873E6D8A43361F7D360349
                                                                          SHA-512:B8671D40FA5B77C3E37685DBAD25DD0DD555F6D287058F15D7953FFA5E8FE20066FACC3D9EE114409F6805B410D9FCF15F2E23276A8FAD42176D278ABA82B2F6
                                                                          Malicious:false
                                                                          Preview:2024/09/04-16:15:58.512 1e6c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/09/04-16:15:58.517 1e6c Recovering log #3.2024/09/04-16:15:58.530 1e6c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):432
                                                                          Entropy (8bit):5.2749859015752545
                                                                          Encrypted:false
                                                                          SSDEEP:12:PLDM+vYfYebvqBQFUt82+g/+2zDMV5JfYebvqBvJ:9YfYebvZg8ZJfYebvk
                                                                          MD5:10A05845318BACCB1FBA497BDB5AC0E9
                                                                          SHA1:1D7F780F2FF9F7DAD3E64D68CF564247354D48FF
                                                                          SHA-256:D4023D9406913F124FBC9AD58EE6D680AEACB0D3A4873E6D8A43361F7D360349
                                                                          SHA-512:B8671D40FA5B77C3E37685DBAD25DD0DD555F6D287058F15D7953FFA5E8FE20066FACC3D9EE114409F6805B410D9FCF15F2E23276A8FAD42176D278ABA82B2F6
                                                                          Malicious:false
                                                                          Preview:2024/09/04-16:15:58.512 1e6c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/09/04-16:15:58.517 1e6c Recovering log #3.2024/09/04-16:15:58.530 1e6c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):40
                                                                          Entropy (8bit):4.1275671571169275
                                                                          Encrypted:false
                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                          Malicious:false
                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):193
                                                                          Entropy (8bit):4.864047146590611
                                                                          Encrypted:false
                                                                          SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                                                          MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                                                          SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                                                          SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                                                          SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):193
                                                                          Entropy (8bit):4.864047146590611
                                                                          Encrypted:false
                                                                          SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                                                          MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                                                          SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                                                          SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                                                          SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):193
                                                                          Entropy (8bit):4.864047146590611
                                                                          Encrypted:false
                                                                          SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                                                          MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                                                          SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                                                          SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                                                          SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):193
                                                                          Entropy (8bit):4.864047146590611
                                                                          Encrypted:false
                                                                          SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                                                          MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                                                          SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                                                          SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                                                          SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                                                          Category:dropped
                                                                          Size (bytes):36864
                                                                          Entropy (8bit):0.555790634850688
                                                                          Encrypted:false
                                                                          SSDEEP:48:TsIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB:QIEumQv8m1ccnvS6
                                                                          MD5:0247E46DE79B6CD1BF08CAF7782F7793
                                                                          SHA1:B3A63ED5BE3D8EC6E3949FC5E2D21D97ACC873A6
                                                                          SHA-256:AAD0053186875205E014AB98AE8C18A6233CB715DD3AF44E7E8EB259AEAB5EEA
                                                                          SHA-512:148804598D2A9EA182BD2ADC71663D481F88683CE3D672CE12A43E53B0D34FD70458BE5AAA781B20833E963804E7F4562855F2D18F7731B7C2EAEA5D6D52FBB6
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):40
                                                                          Entropy (8bit):4.1275671571169275
                                                                          Encrypted:false
                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                          Malicious:false
                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                          Category:dropped
                                                                          Size (bytes):36864
                                                                          Entropy (8bit):0.36515621748816035
                                                                          Encrypted:false
                                                                          SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                          MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                          SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                          SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                          SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):111
                                                                          Entropy (8bit):4.718418993774295
                                                                          Encrypted:false
                                                                          SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                          MD5:285252A2F6327D41EAB203DC2F402C67
                                                                          SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                          SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                          SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):80
                                                                          Entropy (8bit):3.4921535629071894
                                                                          Encrypted:false
                                                                          SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                          MD5:69449520FD9C139C534E2970342C6BD8
                                                                          SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                          SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                          SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                          Malicious:false
                                                                          Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):420
                                                                          Entropy (8bit):5.279017981583736
                                                                          Encrypted:false
                                                                          SSDEEP:12:PsDM+vYfYebvqBZFUt82vVg/+2IDMV5JfYebvqBaJ:WYfYebvyg8a8JfYebvL
                                                                          MD5:634FFCFB1AC4AD93E0B13548CF128D91
                                                                          SHA1:11025A99E3C31634060EA80C514333D93AF08C30
                                                                          SHA-256:165A45B88D1B35FF332E04AB6CAC6014D484F46DE2BE1E7E597281C314408CA5
                                                                          SHA-512:801847E26E5F560AFB8A4804D2E5DE5157EC53B0E20442F1F88A356EB3458B4278C729E503FE756D1F8660492B0E67C49B4ACF575917DB885A166C53E77EFE42
                                                                          Malicious:false
                                                                          Preview:2024/09/04-16:16:13.874 1e6c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/09/04-16:16:13.875 1e6c Recovering log #3.2024/09/04-16:16:13.878 1e6c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):420
                                                                          Entropy (8bit):5.279017981583736
                                                                          Encrypted:false
                                                                          SSDEEP:12:PsDM+vYfYebvqBZFUt82vVg/+2IDMV5JfYebvqBaJ:WYfYebvyg8a8JfYebvL
                                                                          MD5:634FFCFB1AC4AD93E0B13548CF128D91
                                                                          SHA1:11025A99E3C31634060EA80C514333D93AF08C30
                                                                          SHA-256:165A45B88D1B35FF332E04AB6CAC6014D484F46DE2BE1E7E597281C314408CA5
                                                                          SHA-512:801847E26E5F560AFB8A4804D2E5DE5157EC53B0E20442F1F88A356EB3458B4278C729E503FE756D1F8660492B0E67C49B4ACF575917DB885A166C53E77EFE42
                                                                          Malicious:false
                                                                          Preview:2024/09/04-16:16:13.874 1e6c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/09/04-16:16:13.875 1e6c Recovering log #3.2024/09/04-16:16:13.878 1e6c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):326
                                                                          Entropy (8bit):5.277181976307953
                                                                          Encrypted:false
                                                                          SSDEEP:6:PU1JyQ+q2Pwkn23oH+TcwtpIFUt82U1JtEgZmw+2U1JtEQVkwOwkn23oH+TcwtaQ:PZvYfYebmFUt82o/+2w5JfYebaUJ
                                                                          MD5:17D6FDF535BAA96E6B8A3E70FFE9EB65
                                                                          SHA1:94143E329397411A1F7CF8FEE8842677A6A30C46
                                                                          SHA-256:3CCA1E929D7815D441FCA6F3FB33BEF1533A4876A348DBEB7AB867B4D4D26497
                                                                          SHA-512:64901F4D52E87B0D8CD20AFF5B0C560FF16AEDD960EFCBC3DFFAB3B67749C62ADCAD82A5B0BDD2B512923496B7537D50B3C03A5DD1C3A55EA5618C549E63E2E9
                                                                          Malicious:false
                                                                          Preview:2024/09/04-16:15:57.465 1d08 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/09/04-16:15:57.469 1d08 Recovering log #3.2024/09/04-16:15:57.469 1d08 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):326
                                                                          Entropy (8bit):5.277181976307953
                                                                          Encrypted:false
                                                                          SSDEEP:6:PU1JyQ+q2Pwkn23oH+TcwtpIFUt82U1JtEgZmw+2U1JtEQVkwOwkn23oH+TcwtaQ:PZvYfYebmFUt82o/+2w5JfYebaUJ
                                                                          MD5:17D6FDF535BAA96E6B8A3E70FFE9EB65
                                                                          SHA1:94143E329397411A1F7CF8FEE8842677A6A30C46
                                                                          SHA-256:3CCA1E929D7815D441FCA6F3FB33BEF1533A4876A348DBEB7AB867B4D4D26497
                                                                          SHA-512:64901F4D52E87B0D8CD20AFF5B0C560FF16AEDD960EFCBC3DFFAB3B67749C62ADCAD82A5B0BDD2B512923496B7537D50B3C03A5DD1C3A55EA5618C549E63E2E9
                                                                          Malicious:false
                                                                          Preview:2024/09/04-16:15:57.465 1d08 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/09/04-16:15:57.469 1d08 Recovering log #3.2024/09/04-16:15:57.469 1d08 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, 1st free page 5, free pages 2, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                                                                          Category:dropped
                                                                          Size (bytes):28672
                                                                          Entropy (8bit):0.26707851465859517
                                                                          Encrypted:false
                                                                          SSDEEP:12:TLPp5yN8h6MvDOH+FxOUwa5qVZ7Nkl25Pe2d:TLh8Gxk+6Uwc8NlYC
                                                                          MD5:04F8B790DF73BD7CD01238F4681C3F44
                                                                          SHA1:DF12D0A21935FC01B36A24BF72AB9640FEBB2077
                                                                          SHA-256:96BD789329E46DD9D83002DC40676922A48A3601BF4B5D7376748B34ECE247A0
                                                                          SHA-512:0DD492C371D310121F7FD57D29F8CE92AA2536A74923AC27F9C4C0C1580C849D7779348FC80410DEBB5EEE14F357EBDF33BF670D1E7B6CCDF15D69AC127AB7C3
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):131072
                                                                          Entropy (8bit):0.005582420312713277
                                                                          Encrypted:false
                                                                          SSDEEP:3:ImtVx//l/vqfi//tyE/lL/Sl:IiVt/R/4Et6
                                                                          MD5:7A81E33DF15DC6529E19537019B410D6
                                                                          SHA1:047CB94C335CC2ABC255C24BB19BD859134293AE
                                                                          SHA-256:10C3A90DD50A714F7310C4021BDB1FC59266A6BDBDE6E7DF177654CB6DBC4B71
                                                                          SHA-512:FBCE9A4EDAF548D6BF19050EA52795AC4E7D833C440D985B2DDFD7C26AF5ECE194DC5299B03206884C6EC30FD3F7FE0B8291406B207EE9B859D2615BAAC57EA0
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 89, cookie 0x66, schema 4, UTF-8, version-valid-for 5
                                                                          Category:dropped
                                                                          Size (bytes):184320
                                                                          Entropy (8bit):1.066839269881901
                                                                          Encrypted:false
                                                                          SSDEEP:192:QSqzWMMUfTBnGCTjHbRJkkqtXaWTK+hGgH+6e7EHVumYLHn6:QrzWMffFnzkkqtXnTK+hNH+5EVumg
                                                                          MD5:DC9973946DD5F405544F6F3B2B5CA21A
                                                                          SHA1:78BA6DEBBD24702C1CDD1A4F9955A0B0B6940861
                                                                          SHA-256:8B71DAFBF5561E1F82AFF971AA2A2FF1B9A6DCE907B1A1FF47D78D4F42F3D21E
                                                                          SHA-512:D3653EFB37511769B1FAA74686BD8ED6014A867455B2A7043C7B9586C8D3E35A260FE967CCB46E62DD8869DD50D6DFBC0F7DCAB7784BB48C08FAA8F4B38809A4
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 10
                                                                          Category:dropped
                                                                          Size (bytes):14336
                                                                          Entropy (8bit):1.4142989856585328
                                                                          Encrypted:false
                                                                          SSDEEP:48:uOK3tjkSdj5IUltGhp22iSBgZ2RyMM7ZuO2RyMM7nxj/:PtSjGhp22iSZAQAR
                                                                          MD5:EC3A3CB9EFB01B6D34E704C11B0420DA
                                                                          SHA1:7489B430E3CCCECAE33D8E3407D41C066B021537
                                                                          SHA-256:DF0FB7711A17F6EF80908C68A59833DB17EB20F7DFCEF1465A3DA8D6B6E0818A
                                                                          SHA-512:8CA384FFE9DEA0E94807DC9B47C1ADEC18A4F3C9BE2BA732EA2B7347A580EB215C822053AB4EC4F3BE213A0B45D7B398B205388E88CB9C5D4EB3420AFFD8DB3B
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                          Category:dropped
                                                                          Size (bytes):40960
                                                                          Entropy (8bit):0.41235120905181716
                                                                          Encrypted:false
                                                                          SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB:v7doKsKuKZKlZNmu46yjx
                                                                          MD5:981F351994975A68A0DD3ECE5E889FD0
                                                                          SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                                                                          SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                                                                          SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):11755
                                                                          Entropy (8bit):5.190465908239046
                                                                          Encrypted:false
                                                                          SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                          MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                          SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                          SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                          SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                          Malicious:false
                                                                          Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):37817
                                                                          Entropy (8bit):5.556099211278911
                                                                          Encrypted:false
                                                                          SSDEEP:768:9Kncr+7pLGLvfxWP91fyK8F1+UoAYDCx9Tuqh0VfUC9xbog/OVde9KprwslIDdK5:9Kncr+cvfxWP91fyKu1jaIsKaslSVtI
                                                                          MD5:C8DB77200639795EBC7D9A012D0DC6F1
                                                                          SHA1:15301BA537954753C545BE494920C45598CD7284
                                                                          SHA-256:5DFF7BBDD30D232B415ABF9F5968821502CDA46E2AD8AA6BF2A73BCD830C073E
                                                                          SHA-512:A8BC4E107223D5D80EA8EE21370C42B7D1641CE4F9234A38143706AD9369D3A1A49881CC79453EE026A0EA4ACD904C66C99DDA807CD687EBF0D9389F24F15ABE
                                                                          Malicious:false
                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369954556923749","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369954556923749","location":5,"ma
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):34462
                                                                          Entropy (8bit):5.558666995626419
                                                                          Encrypted:false
                                                                          SSDEEP:768:9KncFxWP91ftK8F1+UoAYDCx9Tuqh0VfUC9xbog/OVde9KprwsltDdKpMtuB:9KncFxWP91ftKu1jaIsKasl7VtS
                                                                          MD5:049A6AFB79B85E9C6017B8B75E159771
                                                                          SHA1:E96E8E12F82FE8D825A40A55A900B2E2FED221A1
                                                                          SHA-256:C13AA3285C9A428C31EAA10953E842FBEB4762AC6395240332A651E6A59FD881
                                                                          SHA-512:DB513192E87F780082C3B3001BE4FAA35779FEA4F08E5DD80373C1ECF52B3CA40E169D39A3D596D0F70D0B3E945C3EF203B92E203D04136D4B11A8F80C994F2F
                                                                          Malicious:false
                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369954556923749","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369954556923749","location":5,"ma
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):12266
                                                                          Entropy (8bit):5.0750615829557795
                                                                          Encrypted:false
                                                                          SSDEEP:192:sVNJ9pQTryZigaba4uyeJ7aaYr3I8bpj+FzyQAgovFOj1f:sVNLA3uVJ7ajpUuQwkx
                                                                          MD5:DD74C4339E68A7DEDA289E8F933B9F48
                                                                          SHA1:D3572730BEB3FCF78F5D7C03013B63FED06D04C9
                                                                          SHA-256:2982C430618C54ACE39AA8A15557C12D3A6357B7CA41F7C440A297BE22CB5ECE
                                                                          SHA-512:B110305848A74B648652A51D1F6FC070C8810A75D0950084B6E1B53A0028DF999519B54ECA3E6D397EDD049799B91ECC3EC3F4DA067935417D5EAFC99C273B01
                                                                          Malicious:false
                                                                          Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369954558157420","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):13688
                                                                          Entropy (8bit):5.234565327184093
                                                                          Encrypted:false
                                                                          SSDEEP:192:sVNJ9pQTryZiuaba4uyeJ7anwCMzX5n4CfYr308bpj+FzyQAScvFOj1f:sVNLAJuVJ7aDMCzpUuQSkx
                                                                          MD5:DED086B2D9C32ADCAF03B8C1322DE3E5
                                                                          SHA1:37B02E9327F91A49DC1B0BD60B42F734029242CA
                                                                          SHA-256:77D430FD25F50DF9E8B0674DEAF81249D652D5E6412EC080516F310BA7159D8F
                                                                          SHA-512:C659ED4A6418ACCD77AC873669CCDCCE8B6E23B25BCD55D403199F7335D2BCA7B3DE6B2C13D05A183D8B8C69502D213FE98EB36036411E40A6D8D6AF4B9FCFAE
                                                                          Malicious:false
                                                                          Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369954558157420","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                          Category:dropped
                                                                          Size (bytes):28672
                                                                          Entropy (8bit):0.3410017321959524
                                                                          Encrypted:false
                                                                          SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                          MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                          SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                          SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                          SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:very short file (no magic)
                                                                          Category:dropped
                                                                          Size (bytes):1
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:L:L
                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                          Malicious:false
                                                                          Preview:.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):13578
                                                                          Entropy (8bit):5.236203662967314
                                                                          Encrypted:false
                                                                          SSDEEP:192:sVNJ9pQTryZiuaba4uyeJ7anwCMzX5n4CfYr308bpj+FzyQADovFOj1f:sVNLAJuVJ7aDMCzpUuQhkx
                                                                          MD5:90751B490CAF7E62A046C94417B433DF
                                                                          SHA1:ECCBA793F3E54BA6B95387A5A54062BAAE63FECD
                                                                          SHA-256:BA941A518369204238028037AB0EC306CF6F78490DD146C3166BCBFA528761E0
                                                                          SHA-512:664D25A69D7FA987458917D7B144D987C966FD2D2B5414595C52FFA12F4B709F83B347CD5F6616480EF83FA456F95CFC1F617A52943F27985ED87A74869CBE57
                                                                          Malicious:false
                                                                          Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369954558157420","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                          Category:dropped
                                                                          Size (bytes):16384
                                                                          Entropy (8bit):0.35226517389931394
                                                                          Encrypted:false
                                                                          SSDEEP:12:TLC+waBg9LBgVDBgQjiZBgKuFtuQkMbmgcVAzO5kMCgGUg5OR:TLPdBgtBgJBgQjiZS53uQFE27MCgGZsR
                                                                          MD5:D2CCDC36225684AAE8FA563AFEDB14E7
                                                                          SHA1:3759649035F23004A4C30A14C5F0B54191BEBF80
                                                                          SHA-256:080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
                                                                          SHA-512:1A915AF643D688CA68AEDC1FF26C407D960D18DFDE838B417C437D7ADAC7B91C906E782DCC414784E64287915BD1DE5BB6A282E59AA9FEB8C384B4D4BC5F70EC
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):32768
                                                                          Entropy (8bit):0.09778410579514832
                                                                          Encrypted:false
                                                                          SSDEEP:6:G9l//UJgnl//UJPd9XHl/Vl/Unkl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vs:Ct/UCt/UtvFnnnnnnnnnnnnnnpEo
                                                                          MD5:87E03583EB2B55797752D61DC6799D97
                                                                          SHA1:67E37B165CA4211D33A6CBEB99472F95D73C2C5A
                                                                          SHA-256:50F484A71A60E3C5CB3D071CE9173181B48A6B7D141E8A118E5AFA83291FE6AA
                                                                          SHA-512:F2FC0B495BAABEB33D2CE83C2A1FA9DAFA44E6759203E4DD662440C79060935A1A2F576D467D08C0BDC30315B9E1848A96CD9A127DC3116F8D9C2BA914645472
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite Write-Ahead Log, version 3007000
                                                                          Category:dropped
                                                                          Size (bytes):296672
                                                                          Entropy (8bit):1.01443138377561
                                                                          Encrypted:false
                                                                          SSDEEP:384:zL/LRmsgHL6L0LuLw/LoLnFL0L8L+LbLpwZKeLZN3ZeeLZ6c:zbEOwyGs5Agyn+l7N
                                                                          MD5:B9001D2930B20F1501E2144A444B6887
                                                                          SHA1:094085851FDFFE9FD048F790D7D087B708327C31
                                                                          SHA-256:74241333A049EC56651F30677D89B778CEB5E654E622C97F1C5998862C65F83E
                                                                          SHA-512:7C6DE66784883BA387B70E70EDC68488FCCD76563D6175058BB86C0F7F06036EE41E04CEA53EAF78350896917EBA132161363D3108AC18EC5FB4184E66EF94B9
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:modified
                                                                          Size (bytes):250
                                                                          Entropy (8bit):3.6968918782369986
                                                                          Encrypted:false
                                                                          SSDEEP:3:VVXntjQPEnjQnV+S/l3seGKT9rcQ6x6YrOtlTxotlTxotlTxotlTxotlTxotlTxo:/XntM+8+il3sedhOzrOuuuuuu
                                                                          MD5:C560CF8F4043FD7A8614EAF15E682402
                                                                          SHA1:D927E5F23C20788D565891B55B4E16088C5B0226
                                                                          SHA-256:FCA0759E67632BAA2A5FCCF4EB616A45C67781BF391F46A11A2359E682A3C800
                                                                          SHA-512:D5D8689EDB80DE2635ACF9275E43FDF919AAEC3D6768E7F7B7D7A52BCCA76BCA987CDF2C59533F7E4EDB9886456A76606CCD3C3A3D91E57D23B5FBFA054BABE5
                                                                          Malicious:false
                                                                          Preview:A..r.................20_1_1...1.,U.................20_1_1...1K..#0................39_config..........6.....n ....1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):281
                                                                          Entropy (8bit):5.249388228908984
                                                                          Encrypted:false
                                                                          SSDEEP:6:PUgBVR3ERM1wkn23oH+Tcwtfrl2KLllUgO4q2Pwkn23oH+TcwtfrK+IFUv:PLR0RrfYeb1Ln1vYfYeb23FUv
                                                                          MD5:8AFD14D36746E57B5509C212DB2DB9F3
                                                                          SHA1:CBE5AAFF28CE122C77B39EC826F66610B3A79E4A
                                                                          SHA-256:96BE51EEB635139887D5E66EC96E93EE9908A333C39AF659E23047FB2F7FD3DB
                                                                          SHA-512:87D86ACB2767ECCE726625B0A21A15F92865B2D43F514D5C3D56ADDB4FD3E3C0EC2B841AA8FA1919BE855D8D7862EE962F73521B8DDFEA06C3EB6F78364D5A9B
                                                                          Malicious:false
                                                                          Preview:2024/09/04-16:15:58.234 1d04 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db since it was missing..2024/09/04-16:15:58.493 1d04 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:OpenPGP Secret Key
                                                                          Category:dropped
                                                                          Size (bytes):41
                                                                          Entropy (8bit):4.704993772857998
                                                                          Encrypted:false
                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                          Malicious:false
                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):617
                                                                          Entropy (8bit):3.9325179151892424
                                                                          Encrypted:false
                                                                          SSDEEP:12:G0nYUteza//z3p/Uz0RuWlJhC+lvBavRtin01zv0:G0nYUtezaD3RUovhC+lvBOL0
                                                                          MD5:AD15D72AA4792C14DDD002CED70E8245
                                                                          SHA1:30D0E75166FDA7126A73480EE3222C193231B579
                                                                          SHA-256:17A781FB31D3176491D9B277ADEEE5521972C68956A2271637BBCBFEB27D6A7D
                                                                          SHA-512:20B8D19B529A392FE0CBB44844926210D98C477498377B8370AA3A3A763C047EF96BE341686406522868EF848C83EF5EF4792B17CDD0462D4680EDA542C8A54F
                                                                          Malicious:false
                                                                          Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................21_.....n[.=.................33_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.|.................9_.....'\c..................9_.....
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):299
                                                                          Entropy (8bit):5.196698189197968
                                                                          Encrypted:false
                                                                          SSDEEP:6:PUgkERM1wkn23oH+Tcwtfrzs52KLllUgZO4q2Pwkn23oH+TcwtfrzAdIFUv:P1RrfYebs9LnTvYfYeb9FUv
                                                                          MD5:7924828C0FEBCCA06C0CA74DFACDE761
                                                                          SHA1:5EC93295388A457E7D4A07E47637BCFC18F727E9
                                                                          SHA-256:58BE7FFB9D0C7C4F788CF45C2F06E3A485739F96233856E031FC07175FD17765
                                                                          SHA-512:6FF3B0D06367C2FF48352CCF00F1AB31F606429ED83CC62C20F5A61DB1DD6081D23644DB18525874894253ED95EAFDCA88E8157FC046E41F324BB378716C9A47
                                                                          Malicious:false
                                                                          Preview:2024/09/04-16:15:58.215 1d04 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata since it was missing..2024/09/04-16:15:58.231 1d04 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:OpenPGP Secret Key
                                                                          Category:dropped
                                                                          Size (bytes):41
                                                                          Entropy (8bit):4.704993772857998
                                                                          Encrypted:false
                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                          Malicious:false
                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.01057775872642915
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsFl:/F
                                                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):270336
                                                                          Entropy (8bit):8.280239615765425E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                          MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                          SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                          SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                          SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.011852361981932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsHlDll:/H
                                                                          MD5:0962291D6D367570BEE5454721C17E11
                                                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.012340643231932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsGl3ll:/y
                                                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):262512
                                                                          Entropy (8bit):9.553120663130604E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:LsNlTaKtl:Ls3NX
                                                                          MD5:81B0B03819C05C9B8CA169B159EF8CB4
                                                                          SHA1:0B7ACF4CC1236EAA72E293A8FDD74BFA2375E8FE
                                                                          SHA-256:C1EC088256E12740488AB5A7C392454BC497B0BB6016509E788A68F658FD2AF3
                                                                          SHA-512:AD602B1DA1B34BDFF5F551309CDF1193FD67ACD973D72A0C0AB57C41677FCD4BEA4A635B465B7B8AD315171E2D567885F8494AE284B91E687BA579E98168C87E
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.01057775872642915
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsFl:/F
                                                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):270336
                                                                          Entropy (8bit):8.280239615765425E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                          MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                          SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                          SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                          SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.011852361981932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsHlDll:/H
                                                                          MD5:0962291D6D367570BEE5454721C17E11
                                                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.012340643231932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsGl3ll:/y
                                                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):262512
                                                                          Entropy (8bit):9.553120663130604E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:LsNlB2Btl:Ls3QR
                                                                          MD5:D20CE943B170CE9BEE7A12DDD269A582
                                                                          SHA1:FF5DD17E887784DE67292D29B38D5901CDF6B7C8
                                                                          SHA-256:4C4674A54003CBFDA24440B13F9AD6AD56C55FCF4541179FA30D824BDE4B6F17
                                                                          SHA-512:37F25F6603DA56AA05DB005206837DA83E39519D3809FC85E97EB68B1C33A70CCB830897377CF5293ACA339FB80AC82E84BBF9651429F0075FFE0A2B37051305
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):120
                                                                          Entropy (8bit):3.32524464792714
                                                                          Encrypted:false
                                                                          SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                          MD5:A397E5983D4A1619E36143B4D804B870
                                                                          SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                          SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                          SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                          Malicious:false
                                                                          Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):13
                                                                          Entropy (8bit):2.7192945256669794
                                                                          Encrypted:false
                                                                          SSDEEP:3:NYLFRQI:ap2I
                                                                          MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                          SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                          SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                          SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                          Malicious:false
                                                                          Preview:117.0.2045.47
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):6820
                                                                          Entropy (8bit):5.790802128564775
                                                                          Encrypted:false
                                                                          SSDEEP:96:iaqkHfY5SS5ih/cI9URLl8RotoLMFVvlwhRe4IbONIeTC6XQS0qGqk+Z4uj+rjEy:akQgLeiRU4hT6qRAq1k8SPxVLZ7VTiq
                                                                          MD5:83D4BE5D55DE90765FAF5D071911359D
                                                                          SHA1:12E0966705B50307094E2E6B1A68FF4B2F752CA8
                                                                          SHA-256:8675C70AFF1EF4579F410849EE24AC6C3EF03C5FC6EBB4E6D55DE3C50806205E
                                                                          SHA-512:F7719BDB5EC9EDE71413D252F745CAFEE71063348FBFACDD00DA1046B2E59C5753F7D05F0ED9982CC9FBB8712EE6E07355FA9C8950D067942AF85190580437A2
                                                                          Malicious:false
                                                                          Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAB91h8otTZER4XT+Agb24PKEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADFuZeyQlImoKCweGj4n6lA8QaqcXq694dUkeI1DJ0RsQAAAAA
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):6820
                                                                          Entropy (8bit):5.790802128564775
                                                                          Encrypted:false
                                                                          SSDEEP:96:iaqkHfY5SS5ih/cI9URLl8RotoLMFVvlwhRe4IbONIeTC6XQS0qGqk+Z4uj+rjEy:akQgLeiRU4hT6qRAq1k8SPxVLZ7VTiq
                                                                          MD5:83D4BE5D55DE90765FAF5D071911359D
                                                                          SHA1:12E0966705B50307094E2E6B1A68FF4B2F752CA8
                                                                          SHA-256:8675C70AFF1EF4579F410849EE24AC6C3EF03C5FC6EBB4E6D55DE3C50806205E
                                                                          SHA-512:F7719BDB5EC9EDE71413D252F745CAFEE71063348FBFACDD00DA1046B2E59C5753F7D05F0ED9982CC9FBB8712EE6E07355FA9C8950D067942AF85190580437A2
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):6820
                                                                          Entropy (8bit):5.790802128564775
                                                                          Encrypted:false
                                                                          SSDEEP:96:iaqkHfY5SS5ih/cI9URLl8RotoLMFVvlwhRe4IbONIeTC6XQS0qGqk+Z4uj+rjEy:akQgLeiRU4hT6qRAq1k8SPxVLZ7VTiq
                                                                          MD5:83D4BE5D55DE90765FAF5D071911359D
                                                                          SHA1:12E0966705B50307094E2E6B1A68FF4B2F752CA8
                                                                          SHA-256:8675C70AFF1EF4579F410849EE24AC6C3EF03C5FC6EBB4E6D55DE3C50806205E
                                                                          SHA-512:F7719BDB5EC9EDE71413D252F745CAFEE71063348FBFACDD00DA1046B2E59C5753F7D05F0ED9982CC9FBB8712EE6E07355FA9C8950D067942AF85190580437A2
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):6820
                                                                          Entropy (8bit):5.790802128564775
                                                                          Encrypted:false
                                                                          SSDEEP:96:iaqkHfY5SS5ih/cI9URLl8RotoLMFVvlwhRe4IbONIeTC6XQS0qGqk+Z4uj+rjEy:akQgLeiRU4hT6qRAq1k8SPxVLZ7VTiq
                                                                          MD5:83D4BE5D55DE90765FAF5D071911359D
                                                                          SHA1:12E0966705B50307094E2E6B1A68FF4B2F752CA8
                                                                          SHA-256:8675C70AFF1EF4579F410849EE24AC6C3EF03C5FC6EBB4E6D55DE3C50806205E
                                                                          SHA-512:F7719BDB5EC9EDE71413D252F745CAFEE71063348FBFACDD00DA1046B2E59C5753F7D05F0ED9982CC9FBB8712EE6E07355FA9C8950D067942AF85190580437A2
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):6820
                                                                          Entropy (8bit):5.790802128564775
                                                                          Encrypted:false
                                                                          SSDEEP:96:iaqkHfY5SS5ih/cI9URLl8RotoLMFVvlwhRe4IbONIeTC6XQS0qGqk+Z4uj+rjEy:akQgLeiRU4hT6qRAq1k8SPxVLZ7VTiq
                                                                          MD5:83D4BE5D55DE90765FAF5D071911359D
                                                                          SHA1:12E0966705B50307094E2E6B1A68FF4B2F752CA8
                                                                          SHA-256:8675C70AFF1EF4579F410849EE24AC6C3EF03C5FC6EBB4E6D55DE3C50806205E
                                                                          SHA-512:F7719BDB5EC9EDE71413D252F745CAFEE71063348FBFACDD00DA1046B2E59C5753F7D05F0ED9982CC9FBB8712EE6E07355FA9C8950D067942AF85190580437A2
                                                                          Malicious:false
                                                                          Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAB91h8otTZER4XT+Agb24PKEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADFuZeyQlImoKCweGj4n6lA8QaqcXq694dUkeI1DJ0RsQAAAAA
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                          Category:dropped
                                                                          Size (bytes):20480
                                                                          Entropy (8bit):0.5963118027796015
                                                                          Encrypted:false
                                                                          SSDEEP:12:TLyeuAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isTydBVzQd9U9ez/qS9i:TLyXOUOq0afDdWec9sJz+Z7J5fc
                                                                          MD5:48A6A0713B06707BC2FE9A0F381748D3
                                                                          SHA1:043A614CFEF749A49837F19F627B9D6B73F15039
                                                                          SHA-256:2F2006ADEA26E5FF95198883A080C9881D774154D073051FC69053AF912B037B
                                                                          SHA-512:4C04FFAE2B558EB4C05AD9DCA094700D927AFAD1E561D6358F1A77CB09FC481A6424237DFF6AB37D147E029E19D565E876CD85A2E9C0EC1B068002AA13A16DBA
                                                                          Malicious:false
                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.01057775872642915
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsFl:/F
                                                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):270336
                                                                          Entropy (8bit):8.280239615765425E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                          MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                          SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                          SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                          SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.011852361981932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsHlDll:/H
                                                                          MD5:0962291D6D367570BEE5454721C17E11
                                                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.012340643231932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsGl3ll:/y
                                                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):262512
                                                                          Entropy (8bit):9.553120663130604E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:LsNlDPaq:Ls3Daq
                                                                          MD5:F13B58CB9944DA7A2EA9D8B2146FB314
                                                                          SHA1:A0F607083DF93F2B7F681F19AEA9762B656ACB17
                                                                          SHA-256:78051F4F88FA7C57DABE217F4665137130113ABA9429DC99CC5240BE3B7E9D9A
                                                                          SHA-512:0A4F446F7D98D4D1FF43E9290513B7283D5A35FF299B69DF506D8B865B196DAA7127F0E6E561A7A08D24D3510896B21CFC5E9BC35A401F883033966A8A397D32
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):47
                                                                          Entropy (8bit):4.3818353308528755
                                                                          Encrypted:false
                                                                          SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                          MD5:48324111147DECC23AC222A361873FC5
                                                                          SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                          SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                          SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                          Malicious:false
                                                                          Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):35
                                                                          Entropy (8bit):4.014438730983427
                                                                          Encrypted:false
                                                                          SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                          MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                          SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                          SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                          SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                          Malicious:false
                                                                          Preview:{"forceServiceDetermination":false}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):29
                                                                          Entropy (8bit):3.922828737239167
                                                                          Encrypted:false
                                                                          SSDEEP:3:2NGw+K+:fwZ+
                                                                          MD5:7BAAFE811F480ACFCCCEE0D744355C79
                                                                          SHA1:24B89AE82313084BB8BBEB9AD98A550F41DF7B27
                                                                          SHA-256:D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
                                                                          SHA-512:70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
                                                                          Malicious:false
                                                                          Preview:customSynchronousLookupUris_0
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):35302
                                                                          Entropy (8bit):7.99333285466604
                                                                          Encrypted:true
                                                                          SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                          MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                          SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                          SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                          SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):18
                                                                          Entropy (8bit):3.5724312513221195
                                                                          Encrypted:false
                                                                          SSDEEP:3:kDnaV6bVon:kDYa2
                                                                          MD5:5692162977B015E31D5F35F50EFAB9CF
                                                                          SHA1:705DC80E8B32AC8B68F7E13CF8A75DCCB251ED7D
                                                                          SHA-256:42CCB5159B168DBE5D5DDF026E5F7ED3DBF50873CFE47C7C3EF0677BB07B90D4
                                                                          SHA-512:32905A4CC5BCE0FE8502DDD32096F40106625218BEDC4E218A344225D6DF2595A7B70EEB3695DCEFDD894ECB2B66BED479654E8E07F02526648E07ACFE47838C
                                                                          Malicious:false
                                                                          Preview:edgeSettings_2.0-0
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):3581
                                                                          Entropy (8bit):4.459693941095613
                                                                          Encrypted:false
                                                                          SSDEEP:96:JTMhnytNaSA4BOsNQNhnUZTFGKDIWHCgL5tfHaaJzRHF+P1sYmnfHUdT+GWBH7Y/:KyMot7vjFU
                                                                          MD5:BDE38FAE28EC415384B8CFE052306D6C
                                                                          SHA1:3019740AF622B58D573C00BF5C98DD77F3FBB5CD
                                                                          SHA-256:1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
                                                                          SHA-512:9C369D69298EBF087412EDA782EE72AFE5448FD0D69EA5141C2744EA5F6C36CDF70A51845CDC174838BAC0ADABDFA70DF6AEDBF6E7867578AE7C4B7805A8B55E
                                                                          Malicious:false
                                                                          Preview:{"models":[],"geoidMaps":{"gw_my":"https://malaysia.smartscreen.microsoft.com/","gw_tw":"https://taiwan.smartscreen.microsoft.com/","gw_at":"https://austria.smartscreen.microsoft.com/","gw_es":"https://spain.smartscreen.microsoft.com/","gw_pl":"https://poland.smartscreen.microsoft.com/","gw_se":"https://sweden.smartscreen.microsoft.com/","gw_kr":"https://southkorea.smartscreen.microsoft.com/","gw_br":"https://brazil.smartscreen.microsoft.com/","au":"https://australia.smartscreen.microsoft.com/","dk":"https://denmark.smartscreen.microsoft.com/","gw_sg":"https://singapore.smartscreen.microsoft.com/","gw_fr":"https://france.smartscreen.microsoft.com/","gw_ca":"https://canada.smartscreen.microsoft.com/","test":"https://eu-9.smartscreen.microsoft.com/","gw_il":"https://israel.smartscreen.microsoft.com/","gw_au":"https://australia.smartscreen.microsoft.com/","gw_ffl4mod":"https://unitedstates4.ss.wd.microsoft.us/","gw_ffl4":"https://unitedstates1.ss.wd.microsoft.us/","gw_eu":"https://europe.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):47
                                                                          Entropy (8bit):4.493433469104717
                                                                          Encrypted:false
                                                                          SSDEEP:3:kfKbQSQSuLA5:kyUc5
                                                                          MD5:3F90757B200B52DCF5FDAC696EFD3D60
                                                                          SHA1:569A2E1BED9ECCDF7CD03E270AEF2BD7FF9B0E77
                                                                          SHA-256:1EE63F0A3502CFB7DF195FABBA41A7805008AB2CCCDAEB9AF990409D163D60C8
                                                                          SHA-512:39252BBAA33130DF50F36178A8EAB1D09165666D8A229FBB3495DD01CBE964F87CD2E6FCD479DFCA36BE06309EF18FEDA7F14722C57545203BBA24972D4835C8
                                                                          Malicious:false
                                                                          Preview:synchronousLookupUris_636976985063396749.rel.v2
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):35302
                                                                          Entropy (8bit):7.99333285466604
                                                                          Encrypted:true
                                                                          SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                          MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                          SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                          SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                          SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):50
                                                                          Entropy (8bit):3.9904355005135823
                                                                          Encrypted:false
                                                                          SSDEEP:3:0xXF/XctY5GUf+:0RFeUf+
                                                                          MD5:E144AFBFB9EE10479AE2A9437D3FC9CA
                                                                          SHA1:5AAAC173107C688C06944D746394C21535B0514B
                                                                          SHA-256:EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
                                                                          SHA-512:837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
                                                                          Malicious:false
                                                                          Preview:topTraffic_170540185939602997400506234197983529371
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):575056
                                                                          Entropy (8bit):7.999649474060713
                                                                          Encrypted:true
                                                                          SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                          MD5:BE5D1A12C1644421F877787F8E76642D
                                                                          SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                          SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                          SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):86
                                                                          Entropy (8bit):4.389669793590032
                                                                          Encrypted:false
                                                                          SSDEEP:3:YQ3JYq9xSs0dMEJAELJ25AmIpozQOn:YQ3Kq9X0dMgAEiLIMn
                                                                          MD5:03B6D5E81A4DC4D4E6C27BE1E932B9D9
                                                                          SHA1:3C5EF0615314BDB136AB57C90359F1839BDD5C93
                                                                          SHA-256:73B017F7C5ECD629AD41D14147D53F7D3D070C5967E1E571811A6DB39F06EACC
                                                                          SHA-512:0037EB23CCDBDDE93CFEB7B9A223D59D0872D4EC7F5E3CA4F7767A7301E96E1AF1175980DC4F08531D5571AFB94DF789567588DEB2D6D611C57EE4CC05376547
                                                                          Malicious:false
                                                                          Preview:{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":15}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):8239
                                                                          Entropy (8bit):5.792177370940067
                                                                          Encrypted:false
                                                                          SSDEEP:192:fsNAQg9eiRUXujZkFl6qRAq1k8SPxVLZ7VTiQ:fsNARtQ0qFl6q3QxVNZTiQ
                                                                          MD5:910A568D8C87C1A3B33D69C236C06219
                                                                          SHA1:FE575132E5784DC7779DE670A748B333C85B46C4
                                                                          SHA-256:3B832BD4140F69966E448CB1345F139376F9EDD97A7D1A8B9F3A3098664934A3
                                                                          SHA-512:EEFED824D633C336233E524DCD15E40E0997DA5E427C9950E5D785E692707A19C2127929BC739B53D0EC596FB3EF2069F4F27C30158B66D9072796C8B8084316
                                                                          Malicious:false
                                                                          Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Ve
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):22925
                                                                          Entropy (8bit):6.045702224253524
                                                                          Encrypted:false
                                                                          SSDEEP:384:GtMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwh3Q0wJqFDXVKl21RQ5W:qMGQ7FCYXGIgtDAWtJ4n1FQvJqFDX4D8
                                                                          MD5:C921F377FA01B7DCC68487CDEF95E928
                                                                          SHA1:147CD31C5EC4286E05DAC6B90BBC25A905203276
                                                                          SHA-256:E6400A6593A1E6EA50852131A2F0214C07885837E0C38110EB13F7A215AB758A
                                                                          SHA-512:43605864D4BA123157F444022594E0A4238549537F79DA41D71EFCDC1DA8F70504B6146ABC7608B8BA15FF4656899489EEA9B1FADDE71F973340B9913592B9D4
                                                                          Malicious:false
                                                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13369954558244743","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):23967
                                                                          Entropy (8bit):6.048935014725688
                                                                          Encrypted:false
                                                                          SSDEEP:384:GtMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwh3Q0wkdPQF2bXVKl21RQ53:qMGQ7FCYXGIgtDAWtJ4n1FQvk9QF2bXu
                                                                          MD5:E21851EC8C08BA4A8909E57E6DA7A706
                                                                          SHA1:247ED1305F2CF39CE6F22553097C8945BAB61F93
                                                                          SHA-256:A2D4F571AA550754B9B298F5D993BF25F88198E62A1844A629E5E4FACE0B072F
                                                                          SHA-512:8DAAA61A59A1B42A0D5F1803948C1E7A2B17E15E97A1422988952EE4BE1BA89606200C76CD46F65CE4F616B3202846C326028657C86396BFFC302CF5BD623633
                                                                          Malicious:false
                                                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13369954558244743","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:modified
                                                                          Size (bytes):23967
                                                                          Entropy (8bit):6.048935014725688
                                                                          Encrypted:false
                                                                          SSDEEP:384:GtMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwh3Q0wkdPQF2bXVKl21RQ53:qMGQ7FCYXGIgtDAWtJ4n1FQvk9QF2bXu
                                                                          MD5:E21851EC8C08BA4A8909E57E6DA7A706
                                                                          SHA1:247ED1305F2CF39CE6F22553097C8945BAB61F93
                                                                          SHA-256:A2D4F571AA550754B9B298F5D993BF25F88198E62A1844A629E5E4FACE0B072F
                                                                          SHA-512:8DAAA61A59A1B42A0D5F1803948C1E7A2B17E15E97A1422988952EE4BE1BA89606200C76CD46F65CE4F616B3202846C326028657C86396BFFC302CF5BD623633
                                                                          Malicious:false
                                                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13369954558244743","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):25053
                                                                          Entropy (8bit):6.0303344437928885
                                                                          Encrypted:false
                                                                          SSDEEP:768:qMGQ7FCYXGIgtDAWtJ4m1FQvBQzqFDX4D8:qMGQ5XMBx1WpID8
                                                                          MD5:739765E75615538839A5D93842FD5C9D
                                                                          SHA1:68B9E48098B5F104CC555AB528C1E0550E86C9E2
                                                                          SHA-256:8E94B432B8FBAF9E83702D46747FFAE87951FEB42A62B2B109193186AD33888B
                                                                          SHA-512:5F160317789D7218E5E465E5813BF8D0D6C6D0CDBBCB9968AE49714408D47231143F9EFC9031C1FCB796F52951E2040BAFFA973629982487CC0FC3A383964916
                                                                          Malicious:false
                                                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13369954558244743","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):25053
                                                                          Entropy (8bit):6.030275098902985
                                                                          Encrypted:false
                                                                          SSDEEP:768:qMGQ7FCYXGIgtDAWtJ4m1FQvBQ4qFDX4D8:qMGQ5XMBx1WkID8
                                                                          MD5:61236DB85B0EA8D4616EB2D0003B815B
                                                                          SHA1:E69393CFE9DCFE26494DA15F1EACBE62031DB06C
                                                                          SHA-256:D9F75674BC85087AE44195F0EFA69E2510E6FE1DA7BC0F15CD51316008EE1642
                                                                          SHA-512:D14867C36D8A15EC7EB47F0C6A6DA94CDD58FF0EFB8862A5B8F188B5F8019B32C6D77DA9D66AA3A59328708A5C841FABD98C635FEB8EE983692DB0B8E7768573
                                                                          Malicious:false
                                                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13369954558244743","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):2278
                                                                          Entropy (8bit):3.8419694469983274
                                                                          Encrypted:false
                                                                          SSDEEP:48:uiTrlKxrgx0xl9Il8upDZRlvjXPFuD1XVcOfMjjKd1rc:mpYrZjzNuD/cPJ
                                                                          MD5:FA5812AD19F924641E7D8C4BD1D7BC8D
                                                                          SHA1:73B8FA549206A0CD5B5B26F822420A8460E02F4E
                                                                          SHA-256:1FAE2C5751A97B7E9EF9A664BBBE788B5FC1D13CA3BEC637F8EE3E9C3E9E2926
                                                                          SHA-512:A5B29625A844CBC1BAB2582EB1DD54F5E9750EB57A47D131966751F5F3DEC72937D89B913006E489B70F8A22081062EE2DBCA92BE1D7D4E9163ECFD93092489E
                                                                          Malicious:false
                                                                          Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.B.U.U.p.Q././.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.f.d.Y.f.K.L.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):4622
                                                                          Entropy (8bit):3.992412927440287
                                                                          Encrypted:false
                                                                          SSDEEP:96:1Yu/UBx3XhqQ5zco8PU+QtrH5BRiKrYdJSCJNSTdS/5z:1yBl5Ao8sdpH5HUdcCJNR/9
                                                                          MD5:165188F916BA413B72A2516E33A0B0F1
                                                                          SHA1:013BBA58112BE52F4B8FDB6449B22E209A0D3893
                                                                          SHA-256:64EEE15B35B4F9D3C85D71A74B764477A2F74E8D37ABC37993EF274C1D8DADAB
                                                                          SHA-512:54E6ABE86C9E21A2F43159B1661406AC5A2BC814B483FC5CA2B1838E68EC979FCC05A288515CCB4DA1ADE8B5483866F7309299EFC3204B470150214032D6748E
                                                                          Malicious:false
                                                                          Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.x.J.t.i.g.f./.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.f.d.Y.f.K.L.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:very short file (no magic)
                                                                          Category:dropped
                                                                          Size (bytes):1
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:L:L
                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                          Malicious:false
                                                                          Preview:.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:Google Chrome extension, version 3
                                                                          Category:dropped
                                                                          Size (bytes):11185
                                                                          Entropy (8bit):7.951995436832936
                                                                          Encrypted:false
                                                                          SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                          MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                          SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                          SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                          SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:Google Chrome extension, version 3
                                                                          Category:dropped
                                                                          Size (bytes):135751
                                                                          Entropy (8bit):7.804610863392373
                                                                          Encrypted:false
                                                                          SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                                          MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                                          SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                                          SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                                          SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41902
                                                                          Category:dropped
                                                                          Size (bytes):76319
                                                                          Entropy (8bit):7.996132588300074
                                                                          Encrypted:true
                                                                          SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iys3BBrYunau6w6DLZ8:GdS8scZNzFrMa4M+lK5/nEDd8
                                                                          MD5:24439F0E82F6A60E541FB2697F02043F
                                                                          SHA1:E3FAA84B0ED8CDD2268D53A0ECC6F3134D5EBD8F
                                                                          SHA-256:B24DD5C374F8BB381A48605D183B6590245EE802C65F643632A3BE9BB1F313C5
                                                                          SHA-512:8FD794657A9F80FDBC2350DC26A2C82DFD82266B934A4472B3319FDB870841C832137D4F5CE41D518859B8B1DA63031C6B7E750D301F87D6ECA45B958B147FCD
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:very short file (no magic)
                                                                          Category:dropped
                                                                          Size (bytes):1
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:L:L
                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                          Malicious:false
                                                                          Preview:.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                          Category:dropped
                                                                          Size (bytes):206855
                                                                          Entropy (8bit):7.983996634657522
                                                                          Encrypted:false
                                                                          SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                                                                          MD5:788DF0376CE061534448AA17288FEA95
                                                                          SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                                                                          SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                                                                          SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 695310
                                                                          Category:dropped
                                                                          Size (bytes):530045
                                                                          Entropy (8bit):7.998114066289931
                                                                          Encrypted:true
                                                                          SSDEEP:12288:WLTluZBBd7fx7zfAegwBbNMembEUVMf+xVmY6ZODxI8OlIc:GT+BBJZvvBbiEG2+xVmYbD+8Op
                                                                          MD5:90BC7A660DD4F82E56BC9D0602517029
                                                                          SHA1:CC7E4EB7A6540FC28D43289C01259EEE45F76B3F
                                                                          SHA-256:256F192EC27849BDB3D3592886325C299D1D9437F11BA10BDD85F765A2B6E96F
                                                                          SHA-512:D304660E2C9DEDE256FA7D11355EF3806FEA431E5FA2DE9FA71EA6798CCF8142AE9EF54810CE5F5D85729EA81A1A08D94BB4EC6D36166B4BB1B5686822FCF27E
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):353
                                                                          Entropy (8bit):5.3547746127605444
                                                                          Encrypted:false
                                                                          SSDEEP:6:YEHsVAJL9ou56s/uHsVAJLIVRUyQlEuQJjDrwv/uHsVAJLVrNufpL56s/C:YAsOL9ou56s/usOLVheu0Dkv/usOLHwY
                                                                          MD5:06BFEBC3EE46E77AFEDE0E2A76CC02D2
                                                                          SHA1:79719D4330D9A5BBBD5CC596C547A2C4F8D15A6D
                                                                          SHA-256:6BD6BBB29B2696D8A265C78E28FC53A4D3A10267E79EFACE9E97DC75BC8BF4EA
                                                                          SHA-512:8E44BA0867C9BB7FAC247D9FF2A8E0C63F48E795C265E562EAB1BAB9E6FD9CC99F34BD35F9CB7D015A4D449038ACD074E0507A2B23BCD5CA52CDF2E431DAB52C
                                                                          Malicious:false
                                                                          Preview:{"logTime": "0904/201603", "correlationVector":"jFXRtB0vVUtzPlE4fnBbFM","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "0904/201603", "correlationVector":"81387F97C9274CFFB3A3611CBD2A8C02","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "0904/201603", "correlationVector":"/7KUNmO5hnI60c14lLNdYy","action":"EXTENSION_UPDATER", "result":""}.
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                          Category:dropped
                                                                          Size (bytes):32768
                                                                          Entropy (8bit):0.4593089050301797
                                                                          Encrypted:false
                                                                          SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                          MD5:D910AD167F0217587501FDCDB33CC544
                                                                          SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                          SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                          SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                          Malicious:false
                                                                          Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:Google Chrome extension, version 3
                                                                          Category:dropped
                                                                          Size (bytes):11185
                                                                          Entropy (8bit):7.951995436832936
                                                                          Encrypted:false
                                                                          SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                          MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                          SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                          SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                          SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1753
                                                                          Entropy (8bit):5.8889033066924155
                                                                          Encrypted:false
                                                                          SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                          MD5:738E757B92939B24CDBBD0EFC2601315
                                                                          SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                          SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                          SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                          Malicious:false
                                                                          Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "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",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):9815
                                                                          Entropy (8bit):6.1716321262973315
                                                                          Encrypted:false
                                                                          SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                          MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                          SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                          SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                          SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                          Malicious:false
                                                                          Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):10388
                                                                          Entropy (8bit):6.174387413738973
                                                                          Encrypted:false
                                                                          SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                          MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                          SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                          SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                          SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                          Malicious:false
                                                                          Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):962
                                                                          Entropy (8bit):5.698567446030411
                                                                          Encrypted:false
                                                                          SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                          MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                          SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                          SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                          SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                          Malicious:false
                                                                          Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:Google Chrome extension, version 3
                                                                          Category:dropped
                                                                          Size (bytes):135751
                                                                          Entropy (8bit):7.804610863392373
                                                                          Encrypted:false
                                                                          SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                                          MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                                          SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                                          SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                                          SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                          Category:dropped
                                                                          Size (bytes):4982
                                                                          Entropy (8bit):7.929761711048726
                                                                          Encrypted:false
                                                                          SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                          MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                          SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                          SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                          SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):908
                                                                          Entropy (8bit):4.512512697156616
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                          MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                          SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                          SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                          SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1285
                                                                          Entropy (8bit):4.702209356847184
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                          MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                          SHA1:58979859B28513608626B563138097DC19236F1F
                                                                          SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                          SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1244
                                                                          Entropy (8bit):4.5533961615623735
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                          MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                          SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                          SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                          SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):977
                                                                          Entropy (8bit):4.867640976960053
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                          MD5:9A798FD298008074E59ECC253E2F2933
                                                                          SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                          SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                          SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):3107
                                                                          Entropy (8bit):3.535189746470889
                                                                          Encrypted:false
                                                                          SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                          MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                          SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                          SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                          SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                          Malicious:false
                                                                          Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1389
                                                                          Entropy (8bit):4.561317517930672
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                          MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                          SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                          SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                          SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1763
                                                                          Entropy (8bit):4.25392954144533
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                          MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                          SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                          SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                          SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):930
                                                                          Entropy (8bit):4.569672473374877
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                                          MD5:D177261FFE5F8AB4B3796D26835F8331
                                                                          SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                                          SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                                          SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):913
                                                                          Entropy (8bit):4.947221919047
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                                          MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                                          SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                                          SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                                          SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):806
                                                                          Entropy (8bit):4.815663786215102
                                                                          Encrypted:false
                                                                          SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                                          MD5:A86407C6F20818972B80B9384ACFBBED
                                                                          SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                                          SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                                          SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                                          Malicious:false
                                                                          Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):883
                                                                          Entropy (8bit):4.5096240460083905
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                          MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                          SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                          SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                          SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1031
                                                                          Entropy (8bit):4.621865814402898
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                          MD5:D116453277CC860D196887CEC6432FFE
                                                                          SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                          SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                          SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1613
                                                                          Entropy (8bit):4.618182455684241
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                          MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                          SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                          SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                          SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):851
                                                                          Entropy (8bit):4.4858053753176526
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                          MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                          SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                          SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                          SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):851
                                                                          Entropy (8bit):4.4858053753176526
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                          MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                          SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                          SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                          SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):848
                                                                          Entropy (8bit):4.494568170878587
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                          MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                          SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                          SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                          SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1425
                                                                          Entropy (8bit):4.461560329690825
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                          MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                          SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                          SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                          SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                          Malicious:false
                                                                          Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):961
                                                                          Entropy (8bit):4.537633413451255
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                          MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                          SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                          SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                          SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):959
                                                                          Entropy (8bit):4.570019855018913
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                          MD5:535331F8FB98894877811B14994FEA9D
                                                                          SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                          SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                          SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):968
                                                                          Entropy (8bit):4.633956349931516
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                          MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                          SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                          SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                          SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):838
                                                                          Entropy (8bit):4.4975520913636595
                                                                          Encrypted:false
                                                                          SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                          MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                          SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                          SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                          SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                          Malicious:false
                                                                          Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1305
                                                                          Entropy (8bit):4.673517697192589
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                          MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                          SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                          SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                          SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):911
                                                                          Entropy (8bit):4.6294343834070935
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                          MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                          SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                          SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                          SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):939
                                                                          Entropy (8bit):4.451724169062555
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                          MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                          SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                          SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                          SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):977
                                                                          Entropy (8bit):4.622066056638277
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                          MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                          SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                          SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                          SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):972
                                                                          Entropy (8bit):4.621319511196614
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                          MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                          SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                          SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                          SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):990
                                                                          Entropy (8bit):4.497202347098541
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                          MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                          SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                          SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                          SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1658
                                                                          Entropy (8bit):4.294833932445159
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                          MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                          SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                          SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                          SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1672
                                                                          Entropy (8bit):4.314484457325167
                                                                          Encrypted:false
                                                                          SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                          MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                          SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                          SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                          SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):935
                                                                          Entropy (8bit):4.6369398601609735
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                          MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                          SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                          SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                          SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1065
                                                                          Entropy (8bit):4.816501737523951
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                          MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                          SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                          SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                          SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2771
                                                                          Entropy (8bit):3.7629875118570055
                                                                          Encrypted:false
                                                                          SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                          MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                          SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                          SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                          SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):858
                                                                          Entropy (8bit):4.474411340525479
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                          MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                          SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                          SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                          SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):954
                                                                          Entropy (8bit):4.631887382471946
                                                                          Encrypted:false
                                                                          SSDEEP:12:YGXU2rOcxGe+J97f9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95MwP9KkJ+je:YwBrD2J2DBLMfFuWvdpY94vioO+uh
                                                                          MD5:1F565FB1C549B18AF8BBFED8DECD5D94
                                                                          SHA1:B57F4BDAE06FF3DFC1EB3E56B6F2F204D6F63638
                                                                          SHA-256:E16325D1A641EF7421F2BAFCD6433D53543C89D498DD96419B03CBA60B9C7D60
                                                                          SHA-512:A60B8E042A9BCDCC136B87948E9924A0B24D67C6CA9803904B876F162A0AD82B9619F1316BE9FF107DD143B44F7E6F5DF604ABFE00818DEB40A7D62917CDA69F
                                                                          Malicious:false
                                                                          Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):899
                                                                          Entropy (8bit):4.474743599345443
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                          MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                          SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                          SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                          SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2230
                                                                          Entropy (8bit):3.8239097369647634
                                                                          Encrypted:false
                                                                          SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                          MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                          SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                          SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                          SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1160
                                                                          Entropy (8bit):5.292894989863142
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                          MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                          SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                          SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                          SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):3264
                                                                          Entropy (8bit):3.586016059431306
                                                                          Encrypted:false
                                                                          SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                          MD5:83F81D30913DC4344573D7A58BD20D85
                                                                          SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                          SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                          SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):3235
                                                                          Entropy (8bit):3.6081439490236464
                                                                          Encrypted:false
                                                                          SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                          MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                          SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                          SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                          SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):3122
                                                                          Entropy (8bit):3.891443295908904
                                                                          Encrypted:false
                                                                          SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                          MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                          SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                          SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                          SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1880
                                                                          Entropy (8bit):4.295185867329351
                                                                          Encrypted:false
                                                                          SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/UGG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZZ
                                                                          MD5:8E16966E815C3C274EEB8492B1EA6648
                                                                          SHA1:7482ED9F1C9FD9F6F9BA91AB15921B19F64C9687
                                                                          SHA-256:418FF53FCA505D54268413C796E4DF80E947A09F399AB222A90B81E93113D5B5
                                                                          SHA-512:85B28202E874B1CF45B37BA05B87B3D8D6FE38E89C6011C4240CF6B563EA6DA60181D712CCE20D07C364F4A266A4EC90C4934CC8B7BB2013CB3B22D755796E38
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1042
                                                                          Entropy (8bit):5.3945675025513955
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                                          MD5:F3E59EEEB007144EA26306C20E04C292
                                                                          SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                                          SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                                          SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2535
                                                                          Entropy (8bit):3.8479764584971368
                                                                          Encrypted:false
                                                                          SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                                          MD5:E20D6C27840B406555E2F5091B118FC5
                                                                          SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                                          SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                                          SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1028
                                                                          Entropy (8bit):4.797571191712988
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                                          MD5:970544AB4622701FFDF66DC556847652
                                                                          SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                                          SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                                          SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):994
                                                                          Entropy (8bit):4.700308832360794
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                                          MD5:A568A58817375590007D1B8ABCAEBF82
                                                                          SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                                          SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                                          SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2091
                                                                          Entropy (8bit):4.358252286391144
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                          MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                          SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                          SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                          SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2778
                                                                          Entropy (8bit):3.595196082412897
                                                                          Encrypted:false
                                                                          SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                          MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                          SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                          SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                          SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1719
                                                                          Entropy (8bit):4.287702203591075
                                                                          Encrypted:false
                                                                          SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                          MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                          SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                          SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                          SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):936
                                                                          Entropy (8bit):4.457879437756106
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                          MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                          SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                          SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                          SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):3830
                                                                          Entropy (8bit):3.5483353063347587
                                                                          Encrypted:false
                                                                          SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                          MD5:342335A22F1886B8BC92008597326B24
                                                                          SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                          SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                          SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1898
                                                                          Entropy (8bit):4.187050294267571
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                          MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                          SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                          SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                          SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):914
                                                                          Entropy (8bit):4.513485418448461
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                          MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                          SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                          SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                          SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):878
                                                                          Entropy (8bit):4.4541485835627475
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                          MD5:A1744B0F53CCF889955B95108367F9C8
                                                                          SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                          SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                          SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2766
                                                                          Entropy (8bit):3.839730779948262
                                                                          Encrypted:false
                                                                          SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                          MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                          SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                          SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                          SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):978
                                                                          Entropy (8bit):4.879137540019932
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                          MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                          SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                          SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                          SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):907
                                                                          Entropy (8bit):4.599411354657937
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                          MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                          SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                          SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                          SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):914
                                                                          Entropy (8bit):4.604761241355716
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                          MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                          SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                          SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                          SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):937
                                                                          Entropy (8bit):4.686555713975264
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                          MD5:BED8332AB788098D276B448EC2B33351
                                                                          SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                          SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                          SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1337
                                                                          Entropy (8bit):4.69531415794894
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                          MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                          SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                          SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                          SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2846
                                                                          Entropy (8bit):3.7416822879702547
                                                                          Encrypted:false
                                                                          SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                          MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                          SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                          SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                          SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):934
                                                                          Entropy (8bit):4.882122893545996
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                          MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                          SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                          SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                          SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):963
                                                                          Entropy (8bit):4.6041913416245
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                          MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                          SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                          SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                          SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1320
                                                                          Entropy (8bit):4.569671329405572
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                          MD5:7F5F8933D2D078618496C67526A2B066
                                                                          SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                          SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                          SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):884
                                                                          Entropy (8bit):4.627108704340797
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                          MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                          SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                          SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                          SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):980
                                                                          Entropy (8bit):4.50673686618174
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                          MD5:D0579209686889E079D87C23817EDDD5
                                                                          SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                          SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                          SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1941
                                                                          Entropy (8bit):4.132139619026436
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                                          MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                                          SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                                          SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                                          SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1969
                                                                          Entropy (8bit):4.327258153043599
                                                                          Encrypted:false
                                                                          SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                          MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                          SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                          SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                          SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1674
                                                                          Entropy (8bit):4.343724179386811
                                                                          Encrypted:false
                                                                          SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                                          MD5:64077E3D186E585A8BEA86FF415AA19D
                                                                          SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                                          SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                                          SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1063
                                                                          Entropy (8bit):4.853399816115876
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                                          MD5:76B59AAACC7B469792694CF3855D3F4C
                                                                          SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                                          SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                                          SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1333
                                                                          Entropy (8bit):4.686760246306605
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                                          MD5:970963C25C2CEF16BB6F60952E103105
                                                                          SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                                          SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                                          SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1263
                                                                          Entropy (8bit):4.861856182762435
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                          MD5:8B4DF6A9281333341C939C244DDB7648
                                                                          SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                          SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                          SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1074
                                                                          Entropy (8bit):5.062722522759407
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                          MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                          SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                          SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                          SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):879
                                                                          Entropy (8bit):5.7905809868505544
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                          MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                          SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                          SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                          SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1205
                                                                          Entropy (8bit):4.50367724745418
                                                                          Encrypted:false
                                                                          SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                          MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                          SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                          SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                          SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                          Malicious:false
                                                                          Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):843
                                                                          Entropy (8bit):5.76581227215314
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                          MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                          SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                          SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                          SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):912
                                                                          Entropy (8bit):4.65963951143349
                                                                          Encrypted:false
                                                                          SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                          MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                          SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                          SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                          SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                          Malicious:false
                                                                          Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):11280
                                                                          Entropy (8bit):5.754230909218899
                                                                          Encrypted:false
                                                                          SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsN9Jtwg1MK8HNnswuHEIIMuuqd7CKqv+pccW5SJ+:m8IGIEu8RfW+
                                                                          MD5:BE5DB35513DDEF454CE3502B6418B9B4
                                                                          SHA1:C82B23A82F745705AA6BCBBEFEB6CE3DBCC71CB1
                                                                          SHA-256:C6F623BE1112C2FDE6BE8941848A82B2292FCD2B475FBD363CC2FD4DF25049B5
                                                                          SHA-512:38C48E67631FAF0594D44525423C6EDC08F5A65F04288F0569B7CF8C71C359924069212462B0A2BFA38356F93708143EE1CBD42295D7317E8670D0A0CD10BAFD
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):854
                                                                          Entropy (8bit):4.284628987131403
                                                                          Encrypted:false
                                                                          SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                          MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                          SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                          SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                          SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                          Malicious:false
                                                                          Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2525
                                                                          Entropy (8bit):5.417689528134667
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1e9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APegiVb
                                                                          MD5:10FF8E5B674311683D27CE1879384954
                                                                          SHA1:9C269C14E067BB86642EB9F4816D75CF1B9B9158
                                                                          SHA-256:17363162A321625358255EE939F447E9363FF2284BD35AE15470FD5318132CA9
                                                                          SHA-512:4D3EB89D398A595FEA8B59AC6269A57CC96C4A0E5A5DB8C5FE70AB762E8144A5DF9AFC8756CA2E798E50778CD817CC9B0826FC2942DE31397E858DBFA1B06830
                                                                          Malicious:false
                                                                          Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:HTML document, ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):97
                                                                          Entropy (8bit):4.862433271815736
                                                                          Encrypted:false
                                                                          SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                          MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                          SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                          SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                          SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                          Malicious:false
                                                                          Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with very long lines (4369)
                                                                          Category:dropped
                                                                          Size (bytes):95567
                                                                          Entropy (8bit):5.4016395763198135
                                                                          Encrypted:false
                                                                          SSDEEP:1536:Ftd/mjDC/Hass/jCKLwPOPO2MCeYHxU2/NjAGHChg3JOzZ8:YfjCKdHm2/NbHCIJo8
                                                                          MD5:09AF2D8CFA8BF1078101DA78D09C4174
                                                                          SHA1:F2369551E2CDD86258062BEB0729EE4D93FCA050
                                                                          SHA-256:39D113C44D45AE3609B9509ED099680CC5FCEF182FD9745B303A76E164D8BCEC
                                                                          SHA-512:F791434B053FA2A5B731C60F22A4579F19FE741134EF0146E8BAC7DECAC78DE65915B3188093DBBE00F389A7F15B80172053FABB64E636DD4A945DBE3C2CF2E6
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):291
                                                                          Entropy (8bit):4.65176400421739
                                                                          Encrypted:false
                                                                          SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                          MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                          SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                          SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                          SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                          Malicious:false
                                                                          Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with very long lines (4369)
                                                                          Category:dropped
                                                                          Size (bytes):103988
                                                                          Entropy (8bit):5.389407461078688
                                                                          Encrypted:false
                                                                          SSDEEP:1536:oXWJmOMsz9UqqRtjWLqj74SJf2VsxJ5BGOzr61SfwKmWGMJOaAFlObQ/x0BGm:yRqr6v3JnVzr6wwfMtkFSYm
                                                                          MD5:EA946F110850F17E637B15CF22B82837
                                                                          SHA1:8D27C963E76E3D2F5B8634EE66706F95F000FCAF
                                                                          SHA-256:029DFE87536E8907A612900B26EEAA72C63EDF28458A7227B295AE6D4E2BD94C
                                                                          SHA-512:5E8E61E648740FEF2E89A035A4349B2E4E5E4E88150EE1BDA9D4AD8D75827DC67C1C95A2CA41DF5B89DE8F575714E1A4D23BDE2DC3CF21D55DB3A39907B8F820
                                                                          Malicious:false
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                          Category:dropped
                                                                          Size (bytes):453023
                                                                          Entropy (8bit):7.997718157581587
                                                                          Encrypted:true
                                                                          SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                          MD5:85430BAED3398695717B0263807CF97C
                                                                          SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                          SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                          SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                          Malicious:false
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):24
                                                                          Entropy (8bit):3.91829583405449
                                                                          Encrypted:false
                                                                          SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                          MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                          SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                          SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                          SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                          Malicious:false
                                                                          Preview:{"schema":6,"addons":[]}
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):24
                                                                          Entropy (8bit):3.91829583405449
                                                                          Encrypted:false
                                                                          SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                          MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                          SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                          SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                          SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                          Malicious:false
                                                                          Preview:{"schema":6,"addons":[]}
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                          Category:dropped
                                                                          Size (bytes):66
                                                                          Entropy (8bit):4.837595020998689
                                                                          Encrypted:false
                                                                          SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                          MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                          SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                          SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                          SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                          Malicious:false
                                                                          Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                          Category:dropped
                                                                          Size (bytes):66
                                                                          Entropy (8bit):4.837595020998689
                                                                          Encrypted:false
                                                                          SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                          MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                          SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                          SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                          SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                          Malicious:false
                                                                          Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):36830
                                                                          Entropy (8bit):5.185924656884556
                                                                          Encrypted:false
                                                                          SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
                                                                          MD5:5656BA69BD2966108A461AAE35F60226
                                                                          SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
                                                                          SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
                                                                          SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
                                                                          Malicious:false
                                                                          Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):36830
                                                                          Entropy (8bit):5.185924656884556
                                                                          Encrypted:false
                                                                          SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
                                                                          MD5:5656BA69BD2966108A461AAE35F60226
                                                                          SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
                                                                          SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
                                                                          SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
                                                                          Malicious:false
                                                                          Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):1021904
                                                                          Entropy (8bit):6.648417932394748
                                                                          Encrypted:false
                                                                          SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                          MD5:FE3355639648C417E8307C6D051E3E37
                                                                          SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                          SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                          SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Joe Sandbox View:
                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):1021904
                                                                          Entropy (8bit):6.648417932394748
                                                                          Encrypted:false
                                                                          SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                          MD5:FE3355639648C417E8307C6D051E3E37
                                                                          SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                          SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                          SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Joe Sandbox View:
                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):116
                                                                          Entropy (8bit):4.968220104601006
                                                                          Encrypted:false
                                                                          SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                          MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                          SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                          SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                          SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                          Malicious:false
                                                                          Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):11292
                                                                          Entropy (8bit):5.530176113345894
                                                                          Encrypted:false
                                                                          SSDEEP:192:WnaRtZYbBp6ihj4qyaaX86K6akfGNBw8rYSl:xegqcRfcwp0
                                                                          MD5:CC0482E868E555825D869336A508FC6E
                                                                          SHA1:A96408BAE05E2B3446554FA3EB725554D6C6AEB6
                                                                          SHA-256:5DAA315B10C2E088E6E2310F9625F12B2C7D6D5EF734D1D9F963F0F58D604267
                                                                          SHA-512:32EA322B38025DACC3EBBEE0A40BBE08C260EDD407528FE3BF860222A1D4B1FCCACAE6C06716B4ADF78402FC5E33380087CFF8C1FD845004008F589DE39119CF
                                                                          Malicious:false
                                                                          Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 1);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1725486123);..user_pref("app.update.lastUpdateTime.background-update-timer", 1725486123);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..u
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):53
                                                                          Entropy (8bit):4.136624295551173
                                                                          Encrypted:false
                                                                          SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AY:Y9KQOy6Lb1BA+9
                                                                          MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
                                                                          SHA1:B43BC4B3EA206A02EF8F63D5BFAD0C96BF2A3B2A
                                                                          SHA-256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
                                                                          SHA-512:076EE83534F42563046D25086166F82E1A3EC61840C113AEC67ABE2D8195DAA247D827D0C54E7E8F8A1BBF2D082A3763577587E84342EC160FF97905243E6D19
                                                                          Malicious:false
                                                                          Preview:{"profile-after-change":true,"final-ui-startup":true}
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:Mozilla lz4 compressed data, originally 301 bytes
                                                                          Category:dropped
                                                                          Size (bytes):272
                                                                          Entropy (8bit):5.487549397600649
                                                                          Encrypted:false
                                                                          SSDEEP:6:vXDvz2SzHs/udk+eDAWrZCMNRoGO/QqCRwbffnK3S0ExptVjm6NzdDdCQ:vLz2S+EWDDoWqC+bfPK32jBd9
                                                                          MD5:12CC5AE6842E2294BF8CA934359F851C
                                                                          SHA1:396F8582891AF94113128A6FBE76A18480A7A11A
                                                                          SHA-256:8D0A8244AE9E6B3AFBC4A18DF6FE4A5FD889EE7B8C3B75BA1EDE6AE4193FE97C
                                                                          SHA-512:984796A08D0CF99E463C45EACC405CDEB7C988B383F1A39AFA8D954283E017B6D3DDF1091F6773E4D217398E24A65DABFBA01FA77DA8F53F531F89C337F02E21
                                                                          Malicious:false
                                                                          Preview:mozLz40.-.....{"version":["ses....restore",1],"windows":[{"tab....],"selected":0,"_closedT..d_lastC...&GroupCount":-1,"busy":false,"chromeFlags":2167541758}d..W..5":1j..........@":{"w...Update":1725486111544,"startTim...$092304,"recentCrashes":0},"global":{},"cookies":[]}
                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                          Entropy (8bit):6.5795897745344
                                                                          TrID:
                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                          File name:file.exe
                                                                          File size:917'504 bytes
                                                                          MD5:067cd464a3b3fd735086e5cf38135190
                                                                          SHA1:4e686f7b6d5c58bb865446b413ec52cac18e3e92
                                                                          SHA256:812f5f06502d4d640dfd80a72aab1afac5d813ab8165aa33d7115012fcd2e986
                                                                          SHA512:84bec7837d95dcb62a71c3fb004a1b07a99690bf97c361c0a2b93834c6e58cfd4117bb7d178a6d203498e30a64fb48eec6cb6e733ca4f5bb5ef323c8fddeef6f
                                                                          SSDEEP:12288:1qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgarT9:1qDEvCTbMWu7rQYlBQcBiT6rprG8av9
                                                                          TLSH:8A159E0273D1C062FF9B92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                                                                          File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                          Icon Hash:aaf3e3e3938382a0
                                                                          Entrypoint:0x420577
                                                                          Entrypoint Section:.text
                                                                          Digitally signed:false
                                                                          Imagebase:0x400000
                                                                          Subsystem:windows gui
                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                          DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                          Time Stamp:0x66D8BE14 [Wed Sep 4 20:07:48 2024 UTC]
                                                                          TLS Callbacks:
                                                                          CLR (.Net) Version:
                                                                          OS Version Major:5
                                                                          OS Version Minor:1
                                                                          File Version Major:5
                                                                          File Version Minor:1
                                                                          Subsystem Version Major:5
                                                                          Subsystem Version Minor:1
                                                                          Import Hash:948cc502fe9226992dce9417f952fce3
                                                                          Instruction
                                                                          call 00007F3C7CB2EA13h
                                                                          jmp 00007F3C7CB2E31Fh
                                                                          push ebp
                                                                          mov ebp, esp
                                                                          push esi
                                                                          push dword ptr [ebp+08h]
                                                                          mov esi, ecx
                                                                          call 00007F3C7CB2E4FDh
                                                                          mov dword ptr [esi], 0049FDF0h
                                                                          mov eax, esi
                                                                          pop esi
                                                                          pop ebp
                                                                          retn 0004h
                                                                          and dword ptr [ecx+04h], 00000000h
                                                                          mov eax, ecx
                                                                          and dword ptr [ecx+08h], 00000000h
                                                                          mov dword ptr [ecx+04h], 0049FDF8h
                                                                          mov dword ptr [ecx], 0049FDF0h
                                                                          ret
                                                                          push ebp
                                                                          mov ebp, esp
                                                                          push esi
                                                                          push dword ptr [ebp+08h]
                                                                          mov esi, ecx
                                                                          call 00007F3C7CB2E4CAh
                                                                          mov dword ptr [esi], 0049FE0Ch
                                                                          mov eax, esi
                                                                          pop esi
                                                                          pop ebp
                                                                          retn 0004h
                                                                          and dword ptr [ecx+04h], 00000000h
                                                                          mov eax, ecx
                                                                          and dword ptr [ecx+08h], 00000000h
                                                                          mov dword ptr [ecx+04h], 0049FE14h
                                                                          mov dword ptr [ecx], 0049FE0Ch
                                                                          ret
                                                                          push ebp
                                                                          mov ebp, esp
                                                                          push esi
                                                                          mov esi, ecx
                                                                          lea eax, dword ptr [esi+04h]
                                                                          mov dword ptr [esi], 0049FDD0h
                                                                          and dword ptr [eax], 00000000h
                                                                          and dword ptr [eax+04h], 00000000h
                                                                          push eax
                                                                          mov eax, dword ptr [ebp+08h]
                                                                          add eax, 04h
                                                                          push eax
                                                                          call 00007F3C7CB310BDh
                                                                          pop ecx
                                                                          pop ecx
                                                                          mov eax, esi
                                                                          pop esi
                                                                          pop ebp
                                                                          retn 0004h
                                                                          lea eax, dword ptr [ecx+04h]
                                                                          mov dword ptr [ecx], 0049FDD0h
                                                                          push eax
                                                                          call 00007F3C7CB31108h
                                                                          pop ecx
                                                                          ret
                                                                          push ebp
                                                                          mov ebp, esp
                                                                          push esi
                                                                          mov esi, ecx
                                                                          lea eax, dword ptr [esi+04h]
                                                                          mov dword ptr [esi], 0049FDD0h
                                                                          push eax
                                                                          call 00007F3C7CB310F1h
                                                                          test byte ptr [ebp+08h], 00000001h
                                                                          pop ecx
                                                                          Programming Language:
                                                                          • [ C ] VS2008 SP1 build 30729
                                                                          • [IMP] VS2008 SP1 build 30729
                                                                          Name                                  Virtual Address  Virtual Size  Is in Section
                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT          0xc8e64          0x17c         .rdata
                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE        0xd4000          0x9500        .rsrc
                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC       0xde000          0x7594        .reloc
                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG           0xb0ff0          0x1c          .rdata
                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                                                          IMAGE_DIRECTORY_ENTRY_TLS             0xc3400          0x18          .rdata
                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0xb1010          0x40          .rdata
                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                                                          IMAGE_DIRECTORY_ENTRY_IAT             0x9c000          0x894         .rdata
                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
                                                                          Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity      File Type                                    Entropy             Characteristics
                                                                          .text   0x1000           0x9ab1d       0x9ac00   0a1473f3064dcbc32ef93c5c8a90f3a6  False     0.565500681542811    data                                         6.668273581389308   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                          .rdata  0x9c000          0x2fb82       0x2fc00   c9cf2468b60bf4f80f136ed54b3989fb  False     0.35289185209424084  data                                         5.691811547483722   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                          .data   0xcc000          0x706c        0x4800    53b9025d545d65e23295e30afdbd16d9  False     0.04356553819444445  DOS executable (block device driver @\273\)  0.5846666986982398  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                          .rsrc   0xd4000          0x9500        0x9600    9304c3e5876f9548b2c7a399eec2426f  False     0.28109375           data                                         5.1616191822482005  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                          .reloc  0xde000          0x7594        0x7600    c68ee8931a32d45eb82dc450ee40efc3  False     0.7628111758474576   data                                         6.7972128181359786  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0x7c6 | data |  |  | 1.0055276381909548
RT_GROUP_ICON | 0xdcf80 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xdcff8 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xdd00c | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xdd020 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xdd034 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xdd110 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                          Sep 4, 2024 22:16:02.783665895 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.783915043 CEST49745443192.168.2.4142.250.185.225
                                                                          Sep 4, 2024 22:16:02.783924103 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.786952019 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.787512064 CEST49745443192.168.2.4142.250.185.225
                                                                          Sep 4, 2024 22:16:02.787516117 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.790354013 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.791868925 CEST49745443192.168.2.4142.250.185.225
                                                                          Sep 4, 2024 22:16:02.791873932 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.793879986 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.795015097 CEST49745443192.168.2.4142.250.185.225
                                                                          Sep 4, 2024 22:16:02.795020103 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.797314882 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.797362089 CEST49745443192.168.2.4142.250.185.225
                                                                          Sep 4, 2024 22:16:02.797364950 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.800836086 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.800899982 CEST49745443192.168.2.4142.250.185.225
                                                                          Sep 4, 2024 22:16:02.800904989 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.804343939 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.804384947 CEST49745443192.168.2.4142.250.185.225
                                                                          Sep 4, 2024 22:16:02.804389954 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.807706118 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.807756901 CEST49745443192.168.2.4142.250.185.225
                                                                          Sep 4, 2024 22:16:02.807761908 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.813158035 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.814439058 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.814492941 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.814511061 CEST49745443192.168.2.4142.250.185.225
                                                                          Sep 4, 2024 22:16:02.814518929 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.814537048 CEST49745443192.168.2.4142.250.185.225
                                                                          Sep 4, 2024 22:16:02.818484068 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.818767071 CEST49745443192.168.2.4142.250.185.225
                                                                          Sep 4, 2024 22:16:02.818770885 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.821055889 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.821110010 CEST49745443192.168.2.4142.250.185.225
                                                                          Sep 4, 2024 22:16:02.821115017 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.824147940 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.824182987 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.824188948 CEST49745443192.168.2.4142.250.185.225
                                                                          Sep 4, 2024 22:16:02.824193001 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.824233055 CEST49745443192.168.2.4142.250.185.225
                                                                          Sep 4, 2024 22:16:02.827122927 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.830142021 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.830188036 CEST49745443192.168.2.4142.250.185.225
                                                                          Sep 4, 2024 22:16:02.830193043 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.830362082 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:02.830410004 CEST49745443192.168.2.4142.250.185.225
                                                                          Sep 4, 2024 22:16:02.859824896 CEST49745443192.168.2.4142.250.185.225
                                                                          Sep 4, 2024 22:16:02.859833956 CEST44349745142.250.185.225192.168.2.4
                                                                          Sep 4, 2024 22:16:03.752646923 CEST4975280192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:16:03.757513046 CEST804975234.107.221.82192.168.2.4
                                                                          Sep 4, 2024 22:16:03.757577896 CEST4975280192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:16:03.757756948 CEST4975280192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:16:03.762595892 CEST804975234.107.221.82192.168.2.4
                                                                          Sep 4, 2024 22:16:04.223160982 CEST804975234.107.221.82192.168.2.4
                                                                          Sep 4, 2024 22:16:04.286005020 CEST4975280192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:16:04.468655109 CEST49759443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:04.468698978 CEST44349759172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:04.469077110 CEST49760443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:04.469099998 CEST44349760162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:04.469650030 CEST49759443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:04.469733000 CEST49760443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:04.470119953 CEST49760443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:04.470129967 CEST44349760162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:04.470235109 CEST49759443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:04.470249891 CEST44349759172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:04.537895918 CEST4976180192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:16:04.542665958 CEST804976134.107.221.82192.168.2.4
                                                                          Sep 4, 2024 22:16:04.544986963 CEST4976180192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:16:04.545135975 CEST4976180192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:16:04.549932957 CEST804976134.107.221.82192.168.2.4
                                                                          Sep 4, 2024 22:16:04.597515106 CEST49765443192.168.2.435.190.72.216
                                                                          Sep 4, 2024 22:16:04.597537041 CEST4434976535.190.72.216192.168.2.4
                                                                          Sep 4, 2024 22:16:04.604306936 CEST49765443192.168.2.435.190.72.216
                                                                          Sep 4, 2024 22:16:04.618705034 CEST49765443192.168.2.435.190.72.216
                                                                          Sep 4, 2024 22:16:04.618721962 CEST4434976535.190.72.216192.168.2.4
                                                                          Sep 4, 2024 22:16:04.700936079 CEST49766443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:04.700952053 CEST44349766162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:04.703094959 CEST49766443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:04.703604937 CEST49766443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:04.703613997 CEST44349766162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:04.788470984 CEST49767443192.168.2.413.107.246.60
                                                                          Sep 4, 2024 22:16:04.788492918 CEST4434976713.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:04.788588047 CEST49768443192.168.2.413.107.246.60
                                                                          Sep 4, 2024 22:16:04.788595915 CEST4434976813.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:04.788707972 CEST49769443192.168.2.413.107.246.60
                                                                          Sep 4, 2024 22:16:04.788733006 CEST4434976913.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:04.788885117 CEST49767443192.168.2.413.107.246.60
                                                                          Sep 4, 2024 22:16:04.788921118 CEST49768443192.168.2.413.107.246.60
                                                                          Sep 4, 2024 22:16:04.788922071 CEST49769443192.168.2.413.107.246.60
                                                                          Sep 4, 2024 22:16:04.789068937 CEST49769443192.168.2.413.107.246.60
                                                                          Sep 4, 2024 22:16:04.789079905 CEST4434976913.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:04.789197922 CEST49768443192.168.2.413.107.246.60
                                                                          Sep 4, 2024 22:16:04.789208889 CEST4434976813.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:04.789290905 CEST49767443192.168.2.413.107.246.60
                                                                          Sep 4, 2024 22:16:04.789297104 CEST4434976713.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:04.928841114 CEST44349759172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:04.928900957 CEST44349760162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:04.929243088 CEST49759443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:04.929255009 CEST44349759172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:04.929352999 CEST49760443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:04.929358959 CEST44349760162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:04.930118084 CEST44349759172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:04.930202961 CEST44349760162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:04.931606054 CEST49759443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:04.931616068 CEST49760443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:04.932631969 CEST49759443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:04.932686090 CEST44349759172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:04.932862043 CEST49760443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:04.932914019 CEST44349760162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:04.932975054 CEST49759443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:04.933037996 CEST49760443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:04.976511002 CEST44349759172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:04.980489969 CEST44349760162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:04.996943951 CEST804976134.107.221.82192.168.2.4
                                                                          Sep 4, 2024 22:16:05.043190002 CEST44349759172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:05.044419050 CEST49759443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:05.044620991 CEST49759443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:05.044630051 CEST44349759172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:05.059505939 CEST44349760162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:05.062439919 CEST49760443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:05.062673092 CEST49760443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:05.062676907 CEST44349760162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:05.102931976 CEST4434976535.190.72.216192.168.2.4
                                                                          Sep 4, 2024 22:16:05.102941990 CEST4434976535.190.72.216192.168.2.4
                                                                          Sep 4, 2024 22:16:05.107480049 CEST49765443192.168.2.435.190.72.216
                                                                          Sep 4, 2024 22:16:05.121860027 CEST49765443192.168.2.435.190.72.216
                                                                          Sep 4, 2024 22:16:05.121870995 CEST4434976535.190.72.216192.168.2.4
                                                                          Sep 4, 2024 22:16:05.121994019 CEST49765443192.168.2.435.190.72.216
                                                                          Sep 4, 2024 22:16:05.121998072 CEST4434976535.190.72.216192.168.2.4
                                                                          Sep 4, 2024 22:16:05.122008085 CEST4434976535.190.72.216192.168.2.4
                                                                          Sep 4, 2024 22:16:05.165807009 CEST44349766162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:05.169138908 CEST49766443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:05.169152021 CEST44349766162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:05.170003891 CEST44349766162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:05.174124956 CEST49766443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:05.174161911 CEST4976180192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:16:05.175168991 CEST49766443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:05.175220966 CEST44349766162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:05.175896883 CEST49766443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:05.175901890 CEST44349766162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:05.290843964 CEST49770443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:05.290862083 CEST44349770162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:05.293195009 CEST49770443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:05.293472052 CEST49770443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:05.293481112 CEST44349770162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:05.294322014 CEST44349766162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:05.294672966 CEST49766443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:05.295198917 CEST49766443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:05.295205116 CEST44349766162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:05.332499027 CEST4434976535.190.72.216192.168.2.4
                                                                          Sep 4, 2024 22:16:05.332926035 CEST49765443192.168.2.435.190.72.216
                                                                          Sep 4, 2024 22:16:05.430938959 CEST4434976713.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:05.431474924 CEST49767443192.168.2.413.107.246.60
                                                                          Sep 4, 2024 22:16:05.431488037 CEST4434976713.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:05.432331085 CEST4434976713.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:05.432861090 CEST49767443192.168.2.413.107.246.60
                                                                          Sep 4, 2024 22:16:05.434676886 CEST49767443192.168.2.413.107.246.60
                                                                          Sep 4, 2024 22:16:05.434731960 CEST4434976713.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:05.434931040 CEST49767443192.168.2.413.107.246.60
                                                                          Sep 4, 2024 22:16:05.454282999 CEST4434976913.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:05.458352089 CEST49769443192.168.2.413.107.246.60
                                                                          Sep 4, 2024 22:16:05.458370924 CEST4434976913.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:05.459248066 CEST4434976913.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:05.459665060 CEST49769443192.168.2.413.107.246.60
                                                                          Sep 4, 2024 22:16:05.460032940 CEST49769443192.168.2.413.107.246.60
                                                                          Sep 4, 2024 22:16:05.460083961 CEST4434976913.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:05.460153103 CEST49769443192.168.2.413.107.246.60
                                                                          Sep 4, 2024 22:16:05.464206934 CEST4434976813.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:05.476748943 CEST49768443192.168.2.413.107.246.60
                                                                          Sep 4, 2024 22:16:05.476761103 CEST4434976813.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:05.477637053 CEST4434976813.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:05.479990005 CEST49768443192.168.2.413.107.246.60
                                                                          Sep 4, 2024 22:16:05.480374098 CEST49768443192.168.2.413.107.246.60
                                                                          Sep 4, 2024 22:16:05.480426073 CEST4434976813.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:05.480501890 CEST4434976713.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:05.480571032 CEST49768443192.168.2.413.107.246.60
                                                                          Sep 4, 2024 22:16:05.491908073 CEST49767443192.168.2.413.107.246.60
                                                                          Sep 4, 2024 22:16:05.491914988 CEST4434976713.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:05.500508070 CEST4434976913.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:05.524497032 CEST4434976813.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:05.536629915 CEST4434976713.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:05.536639929 CEST4434976713.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:05.536664963 CEST4434976713.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:05.536680937 CEST4434976713.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:05.536688089 CEST4434976713.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:05.536813021 CEST49767443192.168.2.413.107.246.60
                                                                          Sep 4, 2024 22:16:05.536823034 CEST4434976713.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:05.538368940 CEST49767443192.168.2.413.107.246.60
                                                                          Sep 4, 2024 22:16:05.564155102 CEST4434976913.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:05.564171076 CEST4434976913.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:05.572501898 CEST4434976913.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:05.579077959 CEST49768443192.168.2.413.107.246.60
                                                                          Sep 4, 2024 22:16:05.579085112 CEST4434976813.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:05.583193064 CEST49769443192.168.2.413.107.246.60
                                                                          Sep 4, 2024 22:16:05.583203077 CEST4434976913.107.246.60192.168.2.4
                                                                          Sep 4, 2024 22:16:05.583995104 CEST49769443192.168.2.413.107.246.60
                                                                          Sep 4, 2024 22:16:07.692948103 CEST49774443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:07.692965984 CEST4434977413.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.693902969 CEST4434977913.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.694032907 CEST4434977413.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.699377060 CEST49779443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:07.699709892 CEST49779443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:07.699709892 CEST49774443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:07.699778080 CEST4434977913.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.699980021 CEST49774443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:07.700042009 CEST4434977413.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.700076103 CEST49779443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:07.700120926 CEST49774443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:07.709173918 CEST49773443192.168.2.4184.28.90.27
                                                                          Sep 4, 2024 22:16:07.716511965 CEST4434977713.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.716561079 CEST49773443192.168.2.4184.28.90.27
                                                                          Sep 4, 2024 22:16:07.720499039 CEST4434977813.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.732506990 CEST4434977513.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.732515097 CEST4434977613.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.740504026 CEST4434977913.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.744503975 CEST4434977413.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.764497042 CEST44349773184.28.90.27192.168.2.4
                                                                          Sep 4, 2024 22:16:07.769598007 CEST4434977713.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.770013094 CEST4434977713.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.770387888 CEST4434977813.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.770477057 CEST4434977813.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.775309086 CEST49777443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:07.775309086 CEST49778443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:07.776709080 CEST49782443192.168.2.4142.251.40.164
                                                                          Sep 4, 2024 22:16:07.776732922 CEST44349782142.251.40.164192.168.2.4
                                                                          Sep 4, 2024 22:16:07.778007984 CEST49778443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:07.778017998 CEST4434977813.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.778287888 CEST49783443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:07.778295994 CEST4434978313.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.778628111 CEST49777443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:07.778634071 CEST4434977713.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.780584097 CEST49782443192.168.2.4142.251.40.164
                                                                          Sep 4, 2024 22:16:07.782047033 CEST49782443192.168.2.4142.251.40.164
                                                                          Sep 4, 2024 22:16:07.782061100 CEST44349782142.251.40.164192.168.2.4
                                                                          Sep 4, 2024 22:16:07.782227039 CEST4434977513.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.782664061 CEST4434977513.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.783951044 CEST49783443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:07.783958912 CEST49775443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:07.788297892 CEST49783443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:07.788311958 CEST4434978313.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.789025068 CEST4434977613.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.789367914 CEST4434977613.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.796498060 CEST49775443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:07.796516895 CEST4434977513.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.798921108 CEST49776443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:07.800506115 CEST49776443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:07.800518990 CEST4434977613.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.806606054 CEST4434977913.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.806766033 CEST49779443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:07.806777000 CEST4434977913.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.807499886 CEST4434977913.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.814637899 CEST49779443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:07.818500996 CEST49779443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:07.818516016 CEST4434977913.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.883610964 CEST49774443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:07.883631945 CEST4434977413.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:07.902601004 CEST44349773184.28.90.27192.168.2.4
                                                                          Sep 4, 2024 22:16:07.902652025 CEST44349773184.28.90.27192.168.2.4
                                                                          Sep 4, 2024 22:16:07.906920910 CEST49773443192.168.2.4184.28.90.27
                                                                          Sep 4, 2024 22:16:07.907509089 CEST49773443192.168.2.4184.28.90.27
                                                                          Sep 4, 2024 22:16:07.907524109 CEST44349773184.28.90.27192.168.2.4
                                                                          Sep 4, 2024 22:16:07.907535076 CEST49773443192.168.2.4184.28.90.27
                                                                          Sep 4, 2024 22:16:07.907540083 CEST44349773184.28.90.27192.168.2.4
                                                                          Sep 4, 2024 22:16:07.943926096 CEST44349781142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:07.946322918 CEST49781443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:07.946333885 CEST44349781142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:07.946671009 CEST44349781142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:07.946731091 CEST49781443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:07.947329998 CEST44349781142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:07.947380066 CEST49781443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:07.951654911 CEST49781443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:07.951709986 CEST44349781142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:07.951853037 CEST49781443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:07.966566086 CEST49784443192.168.2.4184.28.90.27
                                                                          Sep 4, 2024 22:16:07.966598988 CEST44349784184.28.90.27192.168.2.4
                                                                          Sep 4, 2024 22:16:07.967899084 CEST44349780142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:07.967930079 CEST49784443192.168.2.4184.28.90.27
                                                                          Sep 4, 2024 22:16:07.969017982 CEST49784443192.168.2.4184.28.90.27
                                                                          Sep 4, 2024 22:16:07.969033003 CEST44349784184.28.90.27192.168.2.4
                                                                          Sep 4, 2024 22:16:07.969989061 CEST49780443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:07.970002890 CEST44349780142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:07.970361948 CEST44349780142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:07.970433950 CEST49780443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:07.971036911 CEST44349780142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:07.971141100 CEST49780443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:07.971276045 CEST49780443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:07.971328020 CEST44349780142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:07.971462011 CEST49780443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:07.992497921 CEST44349781142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:08.016500950 CEST44349780142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:08.033067942 CEST49780443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:08.033070087 CEST49774443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:08.033073902 CEST44349780142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:08.099406958 CEST49781443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:08.099415064 CEST44349781142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:08.123081923 CEST44349781142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:08.123640060 CEST49781443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:08.124761105 CEST49781443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:08.124769926 CEST44349781142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:08.130357027 CEST4434977413.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:08.130557060 CEST4434977413.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:08.130652905 CEST49774443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:08.131433010 CEST49774443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:08.131445885 CEST4434977413.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:08.148912907 CEST44349780142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:08.148976088 CEST49780443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:08.149480104 CEST49780443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:08.149491072 CEST44349780142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:08.246051073 CEST44349782142.251.40.164192.168.2.4
                                                                          Sep 4, 2024 22:16:08.262130976 CEST49782443192.168.2.4142.251.40.164
                                                                          Sep 4, 2024 22:16:08.262166023 CEST44349782142.251.40.164192.168.2.4
                                                                          Sep 4, 2024 22:16:08.263163090 CEST44349782142.251.40.164192.168.2.4
                                                                          Sep 4, 2024 22:16:08.267340899 CEST49782443192.168.2.4142.251.40.164
                                                                          Sep 4, 2024 22:16:08.281908035 CEST49782443192.168.2.4142.251.40.164
                                                                          Sep 4, 2024 22:16:08.281977892 CEST44349782142.251.40.164192.168.2.4
                                                                          Sep 4, 2024 22:16:08.286890030 CEST49782443192.168.2.4142.251.40.164
                                                                          Sep 4, 2024 22:16:08.332504988 CEST44349782142.251.40.164192.168.2.4
                                                                          Sep 4, 2024 22:16:08.368351936 CEST4434978313.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:08.378712893 CEST49783443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:08.378725052 CEST4434978313.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:08.379012108 CEST4434978313.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:08.381171942 CEST49783443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:08.381227970 CEST4434978313.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:08.381309986 CEST49783443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:08.382782936 CEST44349782142.251.40.164192.168.2.4
                                                                          Sep 4, 2024 22:16:08.382817030 CEST44349782142.251.40.164192.168.2.4
                                                                          Sep 4, 2024 22:16:08.382942915 CEST44349782142.251.40.164192.168.2.4
                                                                          Sep 4, 2024 22:16:08.382968903 CEST44349782142.251.40.164192.168.2.4
                                                                          Sep 4, 2024 22:16:08.382980108 CEST49782443192.168.2.4142.251.40.164
                                                                          Sep 4, 2024 22:16:08.382989883 CEST44349782142.251.40.164192.168.2.4
                                                                          Sep 4, 2024 22:16:08.383038998 CEST49782443192.168.2.4142.251.40.164
                                                                          Sep 4, 2024 22:16:08.383287907 CEST44349782142.251.40.164192.168.2.4
                                                                          Sep 4, 2024 22:16:08.383322954 CEST44349782142.251.40.164192.168.2.4
                                                                          Sep 4, 2024 22:16:08.383416891 CEST49782443192.168.2.4142.251.40.164
                                                                          Sep 4, 2024 22:16:08.385035038 CEST49782443192.168.2.4142.251.40.164
                                                                          Sep 4, 2024 22:16:08.385035038 CEST49782443192.168.2.4142.251.40.164
                                                                          Sep 4, 2024 22:16:08.385056019 CEST44349782142.251.40.164192.168.2.4
                                                                          Sep 4, 2024 22:16:08.387831926 CEST49782443192.168.2.4142.251.40.164
                                                                          Sep 4, 2024 22:16:08.424503088 CEST4434978313.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:08.437913895 CEST49785443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:08.437930107 CEST44349785142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:08.452260017 CEST49785443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:08.453803062 CEST49785443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:08.453810930 CEST44349785142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:08.454066038 CEST49786443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:08.454072952 CEST44349786142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:08.458830118 CEST49786443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:08.460908890 CEST49786443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:08.460916996 CEST44349786142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:08.578118086 CEST49783443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:08.740067005 CEST4434978313.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:08.740097046 CEST4434978313.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:08.740148067 CEST4434978313.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:08.742645025 CEST44349784184.28.90.27192.168.2.4
                                                                          Sep 4, 2024 22:16:08.746432066 CEST49784443192.168.2.4184.28.90.27
                                                                          Sep 4, 2024 22:16:08.746438026 CEST49783443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:08.766350031 CEST49784443192.168.2.4184.28.90.27
                                                                          Sep 4, 2024 22:16:08.766370058 CEST44349784184.28.90.27192.168.2.4
                                                                          Sep 4, 2024 22:16:08.766570091 CEST44349784184.28.90.27192.168.2.4
                                                                          Sep 4, 2024 22:16:08.767735958 CEST49784443192.168.2.4184.28.90.27
                                                                          Sep 4, 2024 22:16:08.770437956 CEST49783443192.168.2.413.107.246.40
                                                                          Sep 4, 2024 22:16:08.770453930 CEST4434978313.107.246.40192.168.2.4
                                                                          Sep 4, 2024 22:16:08.812510967 CEST44349784184.28.90.27192.168.2.4
                                                                          Sep 4, 2024 22:16:09.021553993 CEST44349784184.28.90.27192.168.2.4
                                                                          Sep 4, 2024 22:16:09.021603107 CEST44349784184.28.90.27192.168.2.4
                                                                          Sep 4, 2024 22:16:09.021729946 CEST49784443192.168.2.4184.28.90.27
                                                                          Sep 4, 2024 22:16:09.022406101 CEST49784443192.168.2.4184.28.90.27
                                                                          Sep 4, 2024 22:16:09.022423983 CEST44349784184.28.90.27192.168.2.4
                                                                          Sep 4, 2024 22:16:09.022434950 CEST49784443192.168.2.4184.28.90.27
                                                                          Sep 4, 2024 22:16:09.022440910 CEST44349784184.28.90.27192.168.2.4
                                                                          Sep 4, 2024 22:16:09.194562912 CEST44349786142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:09.194793940 CEST49786443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:09.194808006 CEST44349786142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:09.195131063 CEST44349786142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:09.195244074 CEST49786443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:09.195729017 CEST44349786142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:09.196149111 CEST49786443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:09.196635008 CEST49786443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:09.196691036 CEST44349786142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:09.196964979 CEST44349785142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:09.197153091 CEST49785443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:09.197159052 CEST44349785142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:09.197464943 CEST44349785142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:09.197473049 CEST44349785142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:09.197758913 CEST49785443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:09.198051929 CEST44349785142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:09.198199987 CEST49785443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:09.198205948 CEST44349785142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:09.198815107 CEST49785443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:09.198864937 CEST44349785142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:09.199516058 CEST49787443192.168.2.4142.250.81.234
                                                                          Sep 4, 2024 22:16:09.199532032 CEST44349787142.250.81.234192.168.2.4
                                                                          Sep 4, 2024 22:16:34.885921955 CEST4434980735.244.181.201192.168.2.4
                                                                          Sep 4, 2024 22:16:34.885993958 CEST49807443192.168.2.435.244.181.201
                                                                          Sep 4, 2024 22:16:34.956840992 CEST804980434.107.221.82192.168.2.4
                                                                          Sep 4, 2024 22:16:34.967638016 CEST804980534.107.221.82192.168.2.4
                                                                          Sep 4, 2024 22:16:34.969769001 CEST4980480192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:16:34.974728107 CEST804980434.107.221.82192.168.2.4
                                                                          Sep 4, 2024 22:16:35.014974117 CEST4980580192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:16:35.064498901 CEST4434980635.244.181.201192.168.2.4
                                                                          Sep 4, 2024 22:16:35.064976931 CEST49806443192.168.2.435.244.181.201
                                                                          Sep 4, 2024 22:16:35.074477911 CEST804980434.107.221.82192.168.2.4
                                                                          Sep 4, 2024 22:16:35.123001099 CEST4980480192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:16:36.732917070 CEST44349795162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:36.732969999 CEST44349795162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:36.733092070 CEST49795443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:36.738806963 CEST44349796162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:36.738863945 CEST44349796162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:36.738954067 CEST49796443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:44.974823952 CEST4980580192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:16:44.979722023 CEST804980534.107.221.82192.168.2.4
                                                                          Sep 4, 2024 22:16:45.075098991 CEST4980480192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:16:45.079900980 CEST804980434.107.221.82192.168.2.4
                                                                          Sep 4, 2024 22:16:52.424351931 CEST49810443192.168.2.440.127.169.103
                                                                          Sep 4, 2024 22:16:52.424380064 CEST4434981040.127.169.103192.168.2.4
                                                                          Sep 4, 2024 22:16:52.424561024 CEST49810443192.168.2.440.127.169.103
                                                                          Sep 4, 2024 22:16:52.424808025 CEST49810443192.168.2.440.127.169.103
                                                                          Sep 4, 2024 22:16:52.424818993 CEST4434981040.127.169.103192.168.2.4
                                                                          Sep 4, 2024 22:16:53.876801968 CEST4434981040.127.169.103192.168.2.4
                                                                          Sep 4, 2024 22:16:53.876905918 CEST49810443192.168.2.440.127.169.103
                                                                          Sep 4, 2024 22:16:53.880366087 CEST49810443192.168.2.440.127.169.103
                                                                          Sep 4, 2024 22:16:53.880374908 CEST4434981040.127.169.103192.168.2.4
                                                                          Sep 4, 2024 22:16:53.880598068 CEST4434981040.127.169.103192.168.2.4
                                                                          Sep 4, 2024 22:16:53.888503075 CEST49810443192.168.2.440.127.169.103
                                                                          Sep 4, 2024 22:16:53.932501078 CEST4434981040.127.169.103192.168.2.4
                                                                          Sep 4, 2024 22:16:54.207750082 CEST4434981040.127.169.103192.168.2.4
                                                                          Sep 4, 2024 22:16:54.207770109 CEST4434981040.127.169.103192.168.2.4
                                                                          Sep 4, 2024 22:16:54.207808971 CEST4434981040.127.169.103192.168.2.4
                                                                          Sep 4, 2024 22:16:54.207829952 CEST49810443192.168.2.440.127.169.103
                                                                          Sep 4, 2024 22:16:54.207839966 CEST4434981040.127.169.103192.168.2.4
                                                                          Sep 4, 2024 22:16:54.207984924 CEST49810443192.168.2.440.127.169.103
                                                                          Sep 4, 2024 22:16:54.207986116 CEST49810443192.168.2.440.127.169.103
                                                                          Sep 4, 2024 22:16:54.210393906 CEST4434981040.127.169.103192.168.2.4
                                                                          Sep 4, 2024 22:16:54.210445881 CEST4434981040.127.169.103192.168.2.4
                                                                          Sep 4, 2024 22:16:54.210802078 CEST49810443192.168.2.440.127.169.103
                                                                          Sep 4, 2024 22:16:54.210807085 CEST4434981040.127.169.103192.168.2.4
                                                                          Sep 4, 2024 22:16:54.211137056 CEST4434981040.127.169.103192.168.2.4
                                                                          Sep 4, 2024 22:16:54.211188078 CEST49810443192.168.2.440.127.169.103
                                                                          Sep 4, 2024 22:16:54.212930918 CEST49810443192.168.2.440.127.169.103
                                                                          Sep 4, 2024 22:16:54.212944031 CEST4434981040.127.169.103192.168.2.4
                                                                          Sep 4, 2024 22:16:54.212970972 CEST49810443192.168.2.440.127.169.103
                                                                          Sep 4, 2024 22:16:54.212977886 CEST4434981040.127.169.103192.168.2.4
                                                                          Sep 4, 2024 22:16:54.296745062 CEST49786443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:54.296758890 CEST44349786142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:54.296775103 CEST49785443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:54.296781063 CEST44349785142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:54.982494116 CEST4980580192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:16:54.987631083 CEST804980534.107.221.82192.168.2.4
                                                                          Sep 4, 2024 22:16:55.082514048 CEST4980480192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:16:55.087483883 CEST804980434.107.221.82192.168.2.4
                                                                          Sep 4, 2024 22:16:59.133532047 CEST49795443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:59.133563042 CEST44349795162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:59.133567095 CEST49796443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:59.133589983 CEST44349796162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:17:01.379466057 CEST49772443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:17:01.379488945 CEST44349772172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:17:01.379503965 CEST49771443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:17:01.379527092 CEST44349771172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:17:02.057362080 CEST49812443192.168.2.423.219.161.132
                                                                          Sep 4, 2024 22:17:02.057398081 CEST4434981223.219.161.132192.168.2.4
                                                                          Sep 4, 2024 22:17:02.057476997 CEST49812443192.168.2.423.219.161.132
                                                                          Sep 4, 2024 22:17:02.057647943 CEST49812443192.168.2.423.219.161.132
                                                                          Sep 4, 2024 22:17:02.057663918 CEST4434981223.219.161.132192.168.2.4
                                                                          Sep 4, 2024 22:17:02.616422892 CEST4434981223.219.161.132192.168.2.4
                                                                          Sep 4, 2024 22:17:02.616749048 CEST49812443192.168.2.423.219.161.132
                                                                          Sep 4, 2024 22:17:02.616774082 CEST4434981223.219.161.132192.168.2.4
                                                                          Sep 4, 2024 22:17:02.617050886 CEST4434981223.219.161.132192.168.2.4
                                                                          Sep 4, 2024 22:17:02.617389917 CEST49812443192.168.2.423.219.161.132
                                                                          Sep 4, 2024 22:17:02.617445946 CEST4434981223.219.161.132192.168.2.4
                                                                          Sep 4, 2024 22:17:02.617526054 CEST49812443192.168.2.423.219.161.132
                                                                          Sep 4, 2024 22:17:02.664490938 CEST4434981223.219.161.132192.168.2.4
                                                                          Sep 4, 2024 22:17:02.670368910 CEST49812443192.168.2.423.219.161.132
                                                                          Sep 4, 2024 22:17:04.822695971 CEST49813443192.168.2.434.120.208.123
                                                                          Sep 4, 2024 22:17:04.822730064 CEST4434981334.120.208.123192.168.2.4
                                                                          Sep 4, 2024 22:17:04.822969913 CEST49814443192.168.2.434.120.208.123
                                                                          Sep 4, 2024 22:17:04.822977066 CEST4434981434.120.208.123192.168.2.4
                                                                          Sep 4, 2024 22:17:04.823622942 CEST49815443192.168.2.434.120.208.123
                                                                          Sep 4, 2024 22:17:04.823646069 CEST4434981534.120.208.123192.168.2.4
                                                                          Sep 4, 2024 22:17:04.825134039 CEST49813443192.168.2.434.120.208.123
                                                                          Sep 4, 2024 22:17:04.825161934 CEST49814443192.168.2.434.120.208.123
                                                                          Sep 4, 2024 22:17:04.825381041 CEST49815443192.168.2.434.120.208.123
                                                                          Sep 4, 2024 22:17:04.825382948 CEST49813443192.168.2.434.120.208.123
                                                                          Sep 4, 2024 22:17:04.825393915 CEST4434981334.120.208.123192.168.2.4
                                                                          Sep 4, 2024 22:17:04.825493097 CEST49814443192.168.2.434.120.208.123
                                                                          Sep 4, 2024 22:17:04.825501919 CEST4434981434.120.208.123192.168.2.4
                                                                          Sep 4, 2024 22:17:04.825577021 CEST49815443192.168.2.434.120.208.123
                                                                          Sep 4, 2024 22:17:04.825584888 CEST4434981534.120.208.123192.168.2.4
                                                                          Sep 4, 2024 22:17:04.988030910 CEST4980580192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:17:04.992865086 CEST804980534.107.221.82192.168.2.4
                                                                          Sep 4, 2024 22:17:05.088315964 CEST4980480192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:17:05.093189955 CEST804980434.107.221.82192.168.2.4
                                                                          Sep 4, 2024 22:17:05.296140909 CEST4434981434.120.208.123192.168.2.4
                                                                          Sep 4, 2024 22:17:05.296219110 CEST49814443192.168.2.434.120.208.123
                                                                          Sep 4, 2024 22:17:05.299277067 CEST49814443192.168.2.434.120.208.123
                                                                          Sep 4, 2024 22:17:05.299283028 CEST4434981434.120.208.123192.168.2.4
                                                                          Sep 4, 2024 22:17:05.299515963 CEST4434981434.120.208.123192.168.2.4
                                                                          Sep 4, 2024 22:17:05.299855947 CEST4434981534.120.208.123192.168.2.4
                                                                          Sep 4, 2024 22:17:05.302228928 CEST49814443192.168.2.434.120.208.123
                                                                          Sep 4, 2024 22:17:05.302333117 CEST49814443192.168.2.434.120.208.123
                                                                          Sep 4, 2024 22:17:05.302516937 CEST4434981434.120.208.123192.168.2.4
                                                                          Sep 4, 2024 22:17:05.304558039 CEST49814443192.168.2.434.120.208.123
                                                                          Sep 4, 2024 22:17:05.304574966 CEST49814443192.168.2.434.120.208.123
                                                                          Sep 4, 2024 22:17:05.304976940 CEST49815443192.168.2.434.120.208.123
                                                                          Sep 4, 2024 22:17:05.318027020 CEST4434981334.120.208.123192.168.2.4
                                                                          Sep 4, 2024 22:17:05.318083048 CEST49813443192.168.2.434.120.208.123
                                                                          Sep 4, 2024 22:17:05.379240036 CEST49813443192.168.2.434.120.208.123
                                                                          Sep 4, 2024 22:17:05.379250050 CEST4434981334.120.208.123192.168.2.4
                                                                          Sep 4, 2024 22:17:05.379441977 CEST4434981334.120.208.123192.168.2.4
                                                                          Sep 4, 2024 22:17:05.382313013 CEST49815443192.168.2.434.120.208.123
                                                                          Sep 4, 2024 22:17:05.382324934 CEST4434981534.120.208.123192.168.2.4
                                                                          Sep 4, 2024 22:17:05.382528067 CEST4434981534.120.208.123192.168.2.4
                                                                          Sep 4, 2024 22:17:05.384861946 CEST49813443192.168.2.434.120.208.123
                                                                          Sep 4, 2024 22:17:05.384960890 CEST49813443192.168.2.434.120.208.123
                                                                          Sep 4, 2024 22:17:05.384999990 CEST4434981334.120.208.123192.168.2.4
                                                                          Sep 4, 2024 22:17:05.386373043 CEST49813443192.168.2.434.120.208.123
                                                                          Sep 4, 2024 22:17:05.387525082 CEST49815443192.168.2.434.120.208.123
                                                                          Sep 4, 2024 22:17:05.387628078 CEST49815443192.168.2.434.120.208.123
                                                                          Sep 4, 2024 22:17:05.387653112 CEST4434981534.120.208.123192.168.2.4
                                                                          Sep 4, 2024 22:17:05.388169050 CEST49815443192.168.2.434.120.208.123
                                                                          Sep 4, 2024 22:17:05.389079094 CEST4980580192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:17:05.393907070 CEST804980534.107.221.82192.168.2.4
                                                                          Sep 4, 2024 22:17:05.491173983 CEST804980534.107.221.82192.168.2.4
                                                                          Sep 4, 2024 22:17:05.493407011 CEST4980480192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:17:05.498267889 CEST804980434.107.221.82192.168.2.4
                                                                          Sep 4, 2024 22:17:05.542886019 CEST4980580192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:17:05.589534998 CEST804980434.107.221.82192.168.2.4
                                                                          Sep 4, 2024 22:17:05.643157005 CEST4980480192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:17:07.689591885 CEST4434981223.219.161.132192.168.2.4
                                                                          Sep 4, 2024 22:17:07.689877033 CEST49812443192.168.2.423.219.161.132
                                                                          Sep 4, 2024 22:17:07.689937115 CEST4434981223.219.161.132192.168.2.4
                                                                          Sep 4, 2024 22:17:07.690099001 CEST4434981223.219.161.132192.168.2.4
                                                                          Sep 4, 2024 22:17:07.690567970 CEST49816443192.168.2.423.219.161.132
                                                                          Sep 4, 2024 22:17:07.690594912 CEST4434981623.219.161.132192.168.2.4
                                                                          Sep 4, 2024 22:17:07.690629005 CEST49812443192.168.2.423.219.161.132
                                                                          Sep 4, 2024 22:17:07.690644979 CEST49812443192.168.2.423.219.161.132
                                                                          Sep 4, 2024 22:17:07.690840006 CEST49816443192.168.2.423.219.161.132
                                                                          Sep 4, 2024 22:17:07.691062927 CEST49816443192.168.2.423.219.161.132
                                                                          Sep 4, 2024 22:17:07.691077948 CEST4434981623.219.161.132192.168.2.4
                                                                          Sep 4, 2024 22:17:08.216262102 CEST4434981623.219.161.132192.168.2.4
                                                                          Sep 4, 2024 22:17:08.216577053 CEST49816443192.168.2.423.219.161.132
                                                                          Sep 4, 2024 22:17:08.216597080 CEST4434981623.219.161.132192.168.2.4
                                                                          Sep 4, 2024 22:17:08.217458010 CEST4434981623.219.161.132192.168.2.4
                                                                          Sep 4, 2024 22:17:08.217538118 CEST49816443192.168.2.423.219.161.132
                                                                          Sep 4, 2024 22:17:08.217892885 CEST49816443192.168.2.423.219.161.132
                                                                          Sep 4, 2024 22:17:08.217945099 CEST4434981623.219.161.132192.168.2.4
                                                                          Sep 4, 2024 22:17:08.218041897 CEST49816443192.168.2.423.219.161.132
                                                                          Sep 4, 2024 22:17:08.218050957 CEST4434981623.219.161.132192.168.2.4
                                                                          Sep 4, 2024 22:17:08.266750097 CEST49816443192.168.2.423.219.161.132
                                                                          Sep 4, 2024 22:17:08.370693922 CEST4434981623.219.161.132192.168.2.4
                                                                          Sep 4, 2024 22:17:08.370738029 CEST4434981623.219.161.132192.168.2.4
                                                                          Sep 4, 2024 22:17:08.376872063 CEST49816443192.168.2.423.219.161.132
                                                                          Sep 4, 2024 22:17:08.377381086 CEST49816443192.168.2.423.219.161.132
                                                                          Sep 4, 2024 22:17:08.377401114 CEST4434981623.219.161.132192.168.2.4
                                                                          Sep 4, 2024 22:17:08.398403883 CEST4972380192.168.2.4199.232.214.172
                                                                          Sep 4, 2024 22:17:08.398467064 CEST4972480192.168.2.4199.232.214.172
                                                                          Sep 4, 2024 22:17:08.699132919 CEST4972480192.168.2.4199.232.214.172
                                                                          Sep 4, 2024 22:17:08.699139118 CEST4972380192.168.2.4199.232.214.172
                                                                          Sep 4, 2024 22:17:08.702955961 CEST8049723199.232.214.172192.168.2.4
                                                                          Sep 4, 2024 22:17:08.703023911 CEST4972380192.168.2.4199.232.214.172
                                                                          Sep 4, 2024 22:17:08.709958076 CEST8049724199.232.214.172192.168.2.4
                                                                          Sep 4, 2024 22:17:08.713347912 CEST4972480192.168.2.4199.232.214.172
                                                                          Sep 4, 2024 22:17:09.104990005 CEST8049724199.232.214.172192.168.2.4
                                                                          Sep 4, 2024 22:17:09.105046034 CEST4972480192.168.2.4199.232.214.172
                                                                          Sep 4, 2024 22:17:09.105122089 CEST8049723199.232.214.172192.168.2.4
                                                                          Sep 4, 2024 22:17:09.105164051 CEST4972380192.168.2.4199.232.214.172
                                                                          Sep 4, 2024 22:17:09.105792999 CEST8049724199.232.214.172192.168.2.4
                                                                          Sep 4, 2024 22:17:09.105915070 CEST8049723199.232.214.172192.168.2.4
                                                                          Sep 4, 2024 22:17:09.514638901 CEST8049724199.232.214.172192.168.2.4
                                                                          Sep 4, 2024 22:17:09.514668941 CEST8049723199.232.214.172192.168.2.4
                                                                          Sep 4, 2024 22:17:15.502123117 CEST4980580192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:17:15.507332087 CEST804980534.107.221.82192.168.2.4
                                                                          Sep 4, 2024 22:17:15.595803022 CEST4980480192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:17:15.600759983 CEST804980434.107.221.82192.168.2.4
                                                                          Sep 4, 2024 22:17:25.516170025 CEST4980580192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:17:25.616476059 CEST4980480192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:17:25.885294914 CEST804980534.107.221.82192.168.2.4
                                                                          Sep 4, 2024 22:17:25.885307074 CEST804980434.107.221.82192.168.2.4
                                                                          Sep 4, 2024 22:17:35.889379025 CEST4980580192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:17:35.889383078 CEST4980480192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:17:35.894249916 CEST804980534.107.221.82192.168.2.4
                                                                          Sep 4, 2024 22:17:35.894268036 CEST804980434.107.221.82192.168.2.4
                                                                          Sep 4, 2024 22:17:39.301902056 CEST49786443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:17:39.301902056 CEST49785443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:17:39.301915884 CEST44349786142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:17:39.301942110 CEST44349785142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:17:45.904638052 CEST4980580192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:17:45.904639959 CEST4980480192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:17:46.064528942 CEST804980534.107.221.82192.168.2.4
                                                                          Sep 4, 2024 22:17:46.064543962 CEST804980434.107.221.82192.168.2.4
                                                                          Sep 4, 2024 22:17:56.065030098 CEST4980580192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:17:56.065252066 CEST4980480192.168.2.434.107.221.82
                                                                          Sep 4, 2024 22:17:56.072180986 CEST804980534.107.221.82192.168.2.4
                                                                          Sep 4, 2024 22:17:56.073106050 CEST804980434.107.221.82192.168.2.4
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                          Sep 4, 2024 22:16:04.463594913 CEST53553551.1.1.1192.168.2.4
                                                                          Sep 4, 2024 22:16:04.463830948 CEST53531531.1.1.1192.168.2.4
                                                                          Sep 4, 2024 22:16:04.523008108 CEST5022653192.168.2.41.1.1.1
                                                                          Sep 4, 2024 22:16:04.597886086 CEST5074653192.168.2.41.1.1.1
                                                                          Sep 4, 2024 22:16:04.605741978 CEST53507461.1.1.1192.168.2.4
                                                                          Sep 4, 2024 22:16:04.607712030 CEST5727653192.168.2.41.1.1.1
                                                                          Sep 4, 2024 22:16:04.615633011 CEST53572761.1.1.1192.168.2.4
                                                                          Sep 4, 2024 22:16:04.683587074 CEST5070553192.168.2.41.1.1.1
                                                                          Sep 4, 2024 22:16:04.683718920 CEST5961553192.168.2.41.1.1.1
                                                                          Sep 4, 2024 22:16:04.690551043 CEST53596151.1.1.1192.168.2.4
                                                                          Sep 4, 2024 22:16:04.690907955 CEST53507051.1.1.1192.168.2.4
                                                                          Sep 4, 2024 22:16:06.463668108 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:06.768973112 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:06.913867950 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:06.913906097 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:06.913917065 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:06.914052963 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:06.914063931 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:06.914782047 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:06.917222977 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:06.917747021 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:06.917849064 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:06.918493032 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:06.918739080 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:06.918843031 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:06.918935061 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:07.016999006 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:07.017200947 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:07.017210007 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:07.017219067 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:07.018578053 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:07.018690109 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:07.022026062 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:07.027717113 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:07.027755022 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:07.027771950 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:07.028012991 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:07.028201103 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:07.029597044 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:07.117754936 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:07.161159039 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:07.370373964 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:07.370611906 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:07.471386909 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:07.472749949 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:07.473020077 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:07.476100922 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:07.666737080 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:07.666876078 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:07.768189907 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:07.769403934 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:07.770973921 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:07.775929928 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:08.126164913 CEST61709443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:08.437623978 CEST61709443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:08.740051031 CEST44361709142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:08.740123034 CEST44361709142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:08.740134954 CEST44361709142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:08.768217087 CEST61709443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:08.830342054 CEST44361709142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:08.830570936 CEST44361709142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:08.831933022 CEST61709443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:08.832277060 CEST61709443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:08.833174944 CEST61709443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:08.833293915 CEST61709443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:08.833616972 CEST61709443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:08.833626986 CEST61709443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:08.833790064 CEST61709443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:08.927511930 CEST44361709142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:08.927587032 CEST44361709142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:08.928195953 CEST44361709142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:08.928206921 CEST44361709142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:08.933955908 CEST61709443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:08.934246063 CEST61709443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:09.006220102 CEST44361709142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:09.006660938 CEST61709443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:09.010832071 CEST44361709142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:09.011037111 CEST61709443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:09.096110106 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:09.096322060 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:09.104887962 CEST44361709142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:09.196427107 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:09.197604895 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:09.198375940 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:09.199698925 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:16.392508984 CEST61709443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:16.392556906 CEST61709443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:16.701739073 CEST44361709142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:16.702636957 CEST44361709142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:16.702647924 CEST44361709142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:16.703013897 CEST61709443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:16.737478971 CEST61709443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:16.824635029 CEST44361709142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:19.937563896 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:19.937563896 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:19.989667892 CEST138138192.168.2.4192.168.2.255
                                                                          Sep 4, 2024 22:16:20.038382053 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:20.041057110 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:20.062951088 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:20.063281059 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:21.364200115 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:21.364612103 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:21.365689993 CEST55330443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:21.466023922 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:21.467333078 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:21.467628002 CEST44356527172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:16:21.468054056 CEST56527443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:16:21.679707050 CEST55330443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:21.812530041 CEST44355330162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:21.812922955 CEST44355330162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:21.813577890 CEST44355330162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:21.813651085 CEST44355330162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:21.813668966 CEST44355330162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:21.813898087 CEST55330443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:21.815466881 CEST55330443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:21.815568924 CEST55330443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:21.815768957 CEST55330443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:21.815840006 CEST55330443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:21.910661936 CEST44355330162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:21.910743952 CEST44355330162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:21.910753965 CEST44355330162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:21.910783052 CEST44355330162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:21.911072016 CEST55330443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:21.911169052 CEST55330443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:21.912056923 CEST44355330162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:21.915946007 CEST44355330162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:21.942837000 CEST44355330162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:21.943027973 CEST55330443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:22.016819954 CEST44355330162.159.61.3192.168.2.4
                                                                          Sep 4, 2024 22:16:22.043452978 CEST55330443192.168.2.4162.159.61.3
                                                                          Sep 4, 2024 22:16:33.064122915 CEST5033153192.168.2.41.1.1.1
                                                                          Sep 4, 2024 22:16:33.071310043 CEST53503311.1.1.1192.168.2.4
                                                                          Sep 4, 2024 22:16:33.075659037 CEST5251653192.168.2.41.1.1.1
                                                                          Sep 4, 2024 22:16:33.082514048 CEST53525161.1.1.1192.168.2.4
                                                                          Sep 4, 2024 22:16:33.085542917 CEST5681053192.168.2.41.1.1.1
                                                                          Sep 4, 2024 22:16:33.092396975 CEST53568101.1.1.1192.168.2.4
                                                                          Sep 4, 2024 22:16:33.132095098 CEST6249253192.168.2.41.1.1.1
                                                                          Sep 4, 2024 22:16:33.138772964 CEST53624921.1.1.1192.168.2.4
                                                                          Sep 4, 2024 22:16:33.139229059 CEST6299553192.168.2.41.1.1.1
                                                                          Sep 4, 2024 22:16:33.145874977 CEST53629951.1.1.1192.168.2.4
                                                                          Sep 4, 2024 22:16:33.249675989 CEST6436353192.168.2.41.1.1.1
                                                                          Sep 4, 2024 22:16:33.258867025 CEST53643631.1.1.1192.168.2.4
                                                                          Sep 4, 2024 22:16:33.576261044 CEST5780453192.168.2.41.1.1.1
                                                                          Sep 4, 2024 22:16:33.583981037 CEST53578041.1.1.1192.168.2.4
                                                                          Sep 4, 2024 22:16:33.584424019 CEST6298753192.168.2.41.1.1.1
                                                                          Sep 4, 2024 22:16:33.591187954 CEST53629871.1.1.1192.168.2.4
                                                                          Sep 4, 2024 22:16:37.392601967 CEST61709443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:37.743371964 CEST44361709142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:37.743798971 CEST44361709142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:37.743865967 CEST44361709142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:37.755346060 CEST61709443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:37.786479950 CEST61709443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:37.873445034 CEST44361709142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:37.958611965 CEST61709443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:38.089401960 CEST44361709142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:38.135230064 CEST44361709142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:38.138158083 CEST61709443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:38.142663956 CEST44361709142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:16:38.170464039 CEST61709443192.168.2.4142.250.65.206
                                                                          Sep 4, 2024 22:16:38.262795925 CEST44361709142.250.65.206192.168.2.4
                                                                          Sep 4, 2024 22:17:01.380386114 CEST60336443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:17:01.380527020 CEST60336443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:17:01.380721092 CEST60336443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:17:01.380916119 CEST60336443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:17:01.747293949 CEST60336443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:17:01.850496054 CEST44360336172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:17:01.850511074 CEST44360336172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:17:01.850519896 CEST44360336172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:17:01.850528955 CEST44360336172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:17:01.850538015 CEST44360336172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:17:01.850982904 CEST60336443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:17:01.851058960 CEST60336443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:17:01.851111889 CEST60336443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:17:01.851151943 CEST60336443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:17:01.952810049 CEST44360336172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:17:01.957003117 CEST60336443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:17:02.054497004 CEST44360336172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:17:02.056479931 CEST44360336172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:17:02.056611061 CEST44360336172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:17:02.056976080 CEST60336443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:17:02.818794966 CEST60336443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:17:02.818911076 CEST60336443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:17:02.948833942 CEST44360336172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:17:02.949930906 CEST44360336172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:17:02.950128078 CEST44360336172.64.41.3192.168.2.4
                                                                          Sep 4, 2024 22:17:02.956346989 CEST60336443192.168.2.4172.64.41.3
                                                                          Sep 4, 2024 22:17:02.957690954 CEST58815443192.168.2.423.43.85.10
                                                                          Sep 4, 2024 22:17:03.268981934 CEST58815443192.168.2.423.43.85.10
                                                                          Sep 4, 2024 22:17:03.598150969 CEST4435881523.43.85.10192.168.2.4
                                                                          Sep 4, 2024 22:17:03.598166943 CEST4435881523.43.85.10192.168.2.4
                                                                          Sep 4, 2024 22:17:03.598179102 CEST4435881523.43.85.10192.168.2.4
                                                                          Sep 4, 2024 22:17:03.598611116 CEST58815443192.168.2.423.43.85.10
                                                                          Sep 4, 2024 22:17:03.691004038 CEST4435881523.43.85.10192.168.2.4
                                                                          Sep 4, 2024 22:17:03.691394091 CEST58815443192.168.2.423.43.85.10
                                                                          Sep 4, 2024 22:17:03.693281889 CEST58815443192.168.2.423.43.85.10
                                                                          Sep 4, 2024 22:17:03.693416119 CEST58815443192.168.2.423.43.85.10
                                                                          Sep 4, 2024 22:17:03.819329977 CEST4435881523.43.85.10192.168.2.4
                                                                          Sep 4, 2024 22:17:03.819602013 CEST4435881523.43.85.10192.168.2.4
                                                                          Sep 4, 2024 22:17:03.819617987 CEST4435881523.43.85.10192.168.2.4
                                                                          Sep 4, 2024 22:17:03.819796085 CEST58815443192.168.2.423.43.85.10
                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                          0192.168.2.44975234.107.221.82807228C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          TimestampBytes transferredDirectionData
                                                                          Sep 4, 2024 22:16:03.757756948 CEST303OUTGET /canonical.html HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Connection: keep-alive
                                                                          Sep 4, 2024 22:16:04.223160982 CEST298INHTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 90
                                                                          Via: 1.1 google
                                                                          Date: Tue, 03 Sep 2024 20:45:45 GMT
                                                                          Age: 84619
                                                                          Content-Type: text/html
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                          Sep 4, 2024 22:16:06.225281000 CEST303OUTGET /canonical.html HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Connection: keep-alive
                                                                          Sep 4, 2024 22:16:06.323829889 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 90
                                                                          Via: 1.1 google
                                                                          Date: Tue, 03 Sep 2024 20:45:45 GMT
                                                                          Age: 84621
                                                                          Content-Type: text/html
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                          Sep 4, 2024 22:16:16.336282015 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
                                                                          Sep 4, 2024 22:16:26.343853951 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
                                                                          Sep 4, 2024 22:16:33.589694977 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Connection: keep-alive
                                                                          Sep 4, 2024 22:16:33.688654900 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 90
                                                                          Via: 1.1 google
                                                                          Date: Tue, 03 Sep 2024 20:45:45 GMT
                                                                          Age: 84648
                                                                          Content-Type: text/html
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          1 | 192.168.2.4 | 49761 | 34.107.221.82 | 80 | 7228 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Sep 4, 2024 22:16:04.545135975 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Connection: keep-alive
                                                                          Pragma: no-cache
                                                                          Cache-Control: no-cache
                                                                          Sep 4, 2024 22:16:04.996943951 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 8
                                                                          Via: 1.1 google
                                                                          Date: Tue, 03 Sep 2024 22:57:01 GMT
                                                                          Age: 76743
                                                                          Content-Type: text/plain
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                          Data Ascii: success
                                                                          Sep 4, 2024 22:16:06.484746933 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Connection: keep-alive
                                                                          Pragma: no-cache
                                                                          Cache-Control: no-cache
                                                                          Sep 4, 2024 22:16:06.580105066 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 8
                                                                          Via: 1.1 google
                                                                          Date: Tue, 03 Sep 2024 22:57:01 GMT
                                                                          Age: 76745
                                                                          Content-Type: text/plain
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                          Data Ascii: success
                                                                          Sep 4, 2024 22:16:16.590256929 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
                                                                          Sep 4, 2024 22:16:26.716418982 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          2 | 192.168.2.4 | 49804 | 34.107.221.82 | 80 | 7228 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Sep 4, 2024 22:16:33.697168112 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Connection: keep-alive
                                                                          Pragma: no-cache
                                                                          Cache-Control: no-cache
                                                                          Sep 4, 2024 22:16:34.370456934 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 8
                                                                          Via: 1.1 google
                                                                          Date: Tue, 03 Sep 2024 22:57:01 GMT
                                                                          Age: 76773
                                                                          Content-Type: text/plain
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                          Data Ascii: success
                                                                          Sep 4, 2024 22:16:34.372493982 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 8
                                                                          Via: 1.1 google
                                                                          Date: Tue, 03 Sep 2024 22:57:01 GMT
                                                                          Age: 76773
                                                                          Content-Type: text/plain
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                          Data Ascii: success
                                                                          Sep 4, 2024 22:16:34.860661030 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Connection: keep-alive
                                                                          Pragma: no-cache
                                                                          Cache-Control: no-cache
                                                                          Sep 4, 2024 22:16:34.956840992 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 8
                                                                          Via: 1.1 google
                                                                          Date: Tue, 03 Sep 2024 22:57:01 GMT
                                                                          Age: 76773
                                                                          Content-Type: text/plain
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                          Data Ascii: success
                                                                          Sep 4, 2024 22:16:34.969769001 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Connection: keep-alive
                                                                          Pragma: no-cache
                                                                          Cache-Control: no-cache
                                                                          Sep 4, 2024 22:16:35.074477911 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 8
                                                                          Via: 1.1 google
                                                                          Date: Tue, 03 Sep 2024 22:57:01 GMT
                                                                          Age: 76774
                                                                          Content-Type: text/plain
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                          Data Ascii: success
                                                                          Sep 4, 2024 22:16:45.075098991 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
                                                                          Sep 4, 2024 22:16:55.082514048 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
                                                                          Sep 4, 2024 22:17:05.088315964 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
                                                                          Sep 4, 2024 22:17:05.493407011 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Connection: keep-alive
                                                                          Pragma: no-cache
                                                                          Cache-Control: no-cache
                                                                          Sep 4, 2024 22:17:05.589534998 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 8
                                                                          Via: 1.1 google
                                                                          Date: Tue, 03 Sep 2024 22:57:01 GMT
                                                                          Age: 76804
                                                                          Content-Type: text/plain
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                          Data Ascii: success
                                                                          Sep 4, 2024 22:17:15.595803022 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
                                                                          Sep 4, 2024 22:17:25.616476059 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
                                                                          Sep 4, 2024 22:17:35.889383078 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
                                                                          Sep 4, 2024 22:17:45.904639959 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
                                                                          Sep 4, 2024 22:17:56.065252066 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          3 | 192.168.2.4 | 49805 | 34.107.221.82 | 80 | 7228 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Sep 4, 2024 22:16:34.387005091 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Connection: keep-alive
                                                                          Sep 4, 2024 22:16:34.857002020 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 90
                                                                          Via: 1.1 google
                                                                          Date: Tue, 03 Sep 2024 20:45:45 GMT
                                                                          Age: 84649
                                                                          Content-Type: text/html
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                          Sep 4, 2024 22:16:34.869257927 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Connection: keep-alive
                                                                          Sep 4, 2024 22:16:34.967638016 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 90
                                                                          Via: 1.1 google
                                                                          Date: Tue, 03 Sep 2024 20:45:45 GMT
                                                                          Age: 84649
                                                                          Content-Type: text/html
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                          Sep 4, 2024 22:16:44.974823952 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
                                                                          Sep 4, 2024 22:16:54.982494116 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
                                                                          Sep 4, 2024 22:17:04.988030910 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
                                                                          Sep 4, 2024 22:17:05.389079094 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Connection: keep-alive
                                                                          Sep 4, 2024 22:17:05.491173983 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 90
                                                                          Via: 1.1 google
                                                                          Date: Tue, 03 Sep 2024 20:45:45 GMT
                                                                          Age: 84680
                                                                          Content-Type: text/html
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                          Sep 4, 2024 22:17:15.502123117 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
                                                                          Sep 4, 2024 22:17:25.516170025 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
                                                                          Sep 4, 2024 22:17:35.889379025 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
                                                                          Sep 4, 2024 22:17:45.904638052 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
                                                                          Sep 4, 2024 22:17:56.065030098 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          0 | 192.168.2.4 | 49745 | 142.250.185.225 | 443 | 7532 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-04 20:16:02 UTC | 594 | OUT | GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1
                                                                          Host: clients2.googleusercontent.com
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-04 20:16:02 UTC | 565 | IN | HTTP/1.1 200 OK
                                                                          Accept-Ranges: bytes
                                                                          Content-Length: 135751
                                                                          X-GUploader-UploadID: AD-8ljtu1zJSQ3bHL5GAb9wOuCbd34RY1JORtYlgFjvfcHqyP2BQ8b0y-u3dusruu0DbhH1wtUI
                                                                          X-Goog-Hash: crc32c=IDdmTg==
                                                                          Server: UploadServer
                                                                          Date: Wed, 04 Sep 2024 19:26:09 GMT
                                                                          Expires: Thu, 04 Sep 2025 19:26:09 GMT
                                                                          Cache-Control: public, max-age=31536000
                                                                          Age: 2993
                                                                          Last-Modified: Tue, 23 Jul 2024 15:56:28 GMT
                                                                          ETag: 1d368626_ddaec042_86665b6c_28d780a0_b2065016
                                                                          Content-Type: application/x-chrome-extension
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          1 | 192.168.2.4 | 49759 | 172.64.41.3 | 443 | 7532 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-04 20:16:04 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                          Host: chrome.cloudflare-dns.com
                                                                          Connection: keep-alive
                                                                          Content-Length: 128
                                                                          Accept: application/dns-message
                                                                          Accept-Language: *
                                                                          User-Agent: Chrome
                                                                          Accept-Encoding: identity
                                                                          Content-Type: application/dns-message
                                                                          2024-09-04 20:16:05 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                          Server: cloudflare
                                                                          Date: Wed, 04 Sep 2024 20:16:04 GMT
                                                                          Content-Type: application/dns-message
                                                                          Connection: close
                                                                          Access-Control-Allow-Origin: *
                                                                          Content-Length: 468
                                                                          CF-RAY: 8be0a7bf380e41e7-EWR
                                                                          alt-svc: h3=":443"; ma=86400


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          2 | 192.168.2.4 | 49760 | 162.159.61.3 | 443 | 7532 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-04 20:16:04 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                          Host: chrome.cloudflare-dns.com
                                                                          Connection: keep-alive
                                                                          Content-Length: 128
                                                                          Accept: application/dns-message
                                                                          Accept-Language: *
                                                                          User-Agent: Chrome
                                                                          Accept-Encoding: identity
                                                                          Content-Type: application/dns-message
                                                                          2024-09-04 20:16:05 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                          Server: cloudflare
                                                                          Date: Wed, 04 Sep 2024 20:16:05 GMT
                                                                          Content-Type: application/dns-message
                                                                          Connection: close
                                                                          Access-Control-Allow-Origin: *
                                                                          Content-Length: 468
                                                                          CF-RAY: 8be0a7bf5b9c8c54-EWR
                                                                          alt-svc: h3=":443"; ma=86400


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          3 | 192.168.2.4 | 49766 | 162.159.61.3 | 443 | 7532 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-04 20:16:05 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                          Host: chrome.cloudflare-dns.com
                                                                          Connection: keep-alive
                                                                          Content-Length: 128
                                                                          Accept: application/dns-message
                                                                          Accept-Language: *
                                                                          User-Agent: Chrome
                                                                          Accept-Encoding: identity
                                                                          Content-Type: application/dns-message
                                                                          2024-09-04 20:16:05 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                          Server: cloudflare
                                                                          Date: Wed, 04 Sep 2024 20:16:05 GMT
                                                                          Content-Type: application/dns-message
                                                                          Connection: close
                                                                          Access-Control-Allow-Origin: *
                                                                          Content-Length: 468
                                                                          CF-RAY: 8be0a7c0cd6f7ca2-EWR
                                                                          alt-svc: h3=":443"; ma=86400


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          4 | 192.168.2.4 | 49767 | 13.107.246.60 | 443 | 7532 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-04 20:16:05 UTC | 711 | OUT | GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Edge-Asset-Group: EntityExtractionDomainsConfig
                                                                          Sec-Mesh-Client-Edge-Version: 117.0.2045.47
                                                                          Sec-Mesh-Client-Edge-Channel: stable
                                                                          Sec-Mesh-Client-OS: Windows
                                                                          Sec-Mesh-Client-OS-Version: 10.0.19045
                                                                          Sec-Mesh-Client-Arch: x86_64
                                                                          Sec-Mesh-Client-WebView: 0
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-04 20:16:05 UTC | 576 | IN | HTTP/1.1 200 OK
                                                                          Date: Wed, 04 Sep 2024 20:16:05 GMT
                                                                          Content-Type: application/octet-stream
                                                                          Content-Length: 70207
                                                                          Connection: close
                                                                          Content-Encoding: gzip
                                                                          Last-Modified: Fri, 02 Aug 2024 18:10:35 GMT
                                                                          ETag: 0x8DCB31E67C22927
                                                                          x-ms-request-id: 3afe9785-e01e-0066-3464-fbda5d000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240904T201605Z-16579567576w5bqfyu10zdac7g0000000b3g00000000hgxn
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 0
                                                                          X-Cache-Info: L1_T2
                                                                          X-Cache: TCP_HIT
                                                                          Accept-Ranges: bytes


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          5 | 192.168.2.4 | 49769 | 13.107.246.60 | 443 | 7532 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-04 20:16:05 UTC | 470 | OUT | GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Edge-Asset-Group: Shoreline
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-04 20:16:05 UTC | 577 | IN | HTTP/1.1 200 OK
                                                                          Date: Wed, 04 Sep 2024 20:16:05 GMT
                                                                          Content-Type: application/octet-stream
                                                                          Content-Length: 306698
                                                                          Connection: close
                                                                          Content-Encoding: gzip
                                                                          Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT
                                                                          ETag: 0x8DBC9B5C40EBFF4
                                                                          x-ms-request-id: a05cbbc2-a01e-0025-3785-fef0b4000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240904T201605Z-16579567576qxwrndb60my3nes0000000bdg00000000449m
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 0
                                                                          X-Cache-Info: L1_T2
                                                                          X-Cache: TCP_HIT
                                                                          Accept-Ranges: bytes


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          6 | 192.168.2.4 | 49768 | 13.107.246.60 | 443 | 7532 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-04 20:16:05 UTC | 486 | OUT | GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Edge-Asset-Group: ArbitrationService
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-04 20:16:05 UTC | 559 | IN | HTTP/1.1 200 OK
                                                                          Date: Wed, 04 Sep 2024 20:16:05 GMT
                                                                          Content-Type: application/octet-stream
                                                                          Content-Length: 11989
                                                                          Connection: close
                                                                          Last-Modified: Tue, 03 Sep 2024 22:21:22 GMT
                                                                          ETag: 0x8DCCC66BDBF99F0
                                                                          x-ms-request-id: 27c1809a-d01e-002a-0cb0-fe1d42000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240904T201605Z-16579567576kv75wmks9m65qec0000000be000000000t2my
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 0
                                                                          X-Cache-Info: L2_T2
                                                                          X-Cache: TCP_REMOTE_HIT
                                                                          Accept-Ranges: bytes
                                                                          2024-09-04 20:16:05 UTC11989INData Raw: 7b 0d 0a 20 20 22 63 6f 6e 66 69 67 56 65 72 73 69 6f 6e 22 3a 20 33 32 2c 0d 0a 20 20 22 50 72 69 76 69 6c 65 67 65 64 45 78 70 65 72 69 65 6e 63 65 73 22 3a 20 5b 0d 0a 20 20 20 20 22 53 68 6f 72 65 6c 69 6e 65 50 72 69 76 69 6c 65 67 65 64 45 78 70 65 72 69 65 6e 63 65 49 44 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 43 4f 55 50 4f 4e 53 5f 43 48 45 43 4b 4f 55 54 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 4c 4f 57 45 52 5f 50 52 49 43 45 5f 46 4f 55 4e 44 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 42 49 4e 47 5f 53 45 41 52 43 48 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 52 45 42 41 54 45
                                                                          Data Ascii: { "configVersion": 32, "PrivilegedExperiences": [ "ShorelinePrivilegedExperienceID", "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT", "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND", "SHOPPING_AUTO_SHOW_BING_SEARCH", "SHOPPING_AUTO_SHOW_REBATE


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          7 | 192.168.2.4 | 49770 | 162.159.61.3 | 443 | 7532 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-04 20:16:05 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                          Host: chrome.cloudflare-dns.com
                                                                          Connection: keep-alive
                                                                          Content-Length: 128
                                                                          Accept: application/dns-message
                                                                          Accept-Language: *
                                                                          User-Agent: Chrome
                                                                          Accept-Encoding: identity
                                                                          Content-Type: application/dns-message
                                                                          2024-09-04 20:16:05 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                          Data Ascii: wwwgstaticcom)TP
                                                                          2024-09-04 20:16:06 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                          Server: cloudflare
                                                                          Date: Wed, 04 Sep 2024 20:16:06 GMT
                                                                          Content-Type: application/dns-message
                                                                          Connection: close
                                                                          Access-Control-Allow-Origin: *
                                                                          Content-Length: 468
                                                                          CF-RAY: 8be0a7c58ff119f3-EWR
                                                                          alt-svc: h3=":443"; ma=86400
                                                                          2024-09-04 20:16:06 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 76 00 04 8e fb 28 83 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                          Data Ascii: wwwgstaticcomv()


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          8 | 192.168.2.4 | 49777 | 13.107.246.40 | 443 | 7532 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-04 20:16:07 UTC | 431 | OUT | GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-04 20:16:07 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                          Date: Wed, 04 Sep 2024 20:16:07 GMT
                                                                          Content-Type: image/png
                                                                          Content-Length: 1966
                                                                          Connection: close
                                                                          Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT
                                                                          ETag: 0x8DBDCB5EC122A94
                                                                          x-ms-request-id: 25350ece-301e-002b-08d4-fa1cbf000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240904T201607Z-16579567576ztstdfgdnkw0mpw0000000bhg00000000cksh
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 0
                                                                          X-Cache-Info: L1_T2
                                                                          X-Cache: TCP_HIT
                                                                          Accept-Ranges: bytes


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          9 | 192.168.2.4 | 49778 | 13.107.246.40 | 443 | 7532 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-04 20:16:07 UTC | 433 | OUT | GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-04 20:16:07 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                          Date: Wed, 04 Sep 2024 20:16:07 GMT
                                                                          Content-Type: image/png
                                                                          Content-Length: 1751
                                                                          Connection: close
                                                                          Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT
                                                                          ETag: 0x8DBCEA8D5AACC85
                                                                          x-ms-request-id: 1e6d2d82-a01e-0061-7c30-fe2cd8000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240904T201607Z-165795675767hwjqv3v00bvq340000000bdg00000000g4v0
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 0
                                                                          X-Cache-Info: L1_T2
                                                                          X-Cache: TCP_HIT
                                                                          Accept-Ranges: bytes


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          10 | 192.168.2.4 | 49776 | 13.107.246.40 | 443 | 7532 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-04 20:16:07 UTC | 433 | OUT | GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-04 20:16:07 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                          Date: Wed, 04 Sep 2024 20:16:07 GMT
                                                                          Content-Type: image/png
                                                                          Content-Length: 1427
                                                                          Connection: close
                                                                          Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT
                                                                          ETag: 0x8DBDCB5EF021F8E
                                                                          x-ms-request-id: 493a985f-801e-0076-6330-feecbb000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240904T201607Z-16579567576w5bqfyu10zdac7g0000000b1000000000us2k
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 0
                                                                          X-Cache-Info: L1_T2
                                                                          X-Cache: TCP_HIT
                                                                          Accept-Ranges: bytes


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          11 | 192.168.2.4 | 49775 | 13.107.246.40 | 443 | 7532 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-04 20:16:07 UTC | 430 | OUT | GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-04 20:16:07 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                          Date: Wed, 04 Sep 2024 20:16:07 GMT
                                                                          Content-Type: image/png
                                                                          Content-Length: 2008
                                                                          Connection: close
                                                                          Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT
                                                                          ETag: 0x8DBC9B5C0C17219
                                                                          x-ms-request-id: dfec3c64-301e-004d-1130-feaee5000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240904T201607Z-16579567576kv75wmks9m65qec0000000bdg00000000vnd2
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 0
                                                                          X-Cache-Info: L1_T2
                                                                          X-Cache: TCP_HIT
                                                                          Accept-Ranges: bytes


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          12 | 192.168.2.4 | 49779 | 13.107.246.40 | 443 | 7532 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-04 20:16:07 UTC | 422 | OUT | GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-04 20:16:07 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                          Date: Wed, 04 Sep 2024 20:16:07 GMT
                                                                          Content-Type: image/png
                                                                          Content-Length: 2229
                                                                          Connection: close
                                                                          Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT
                                                                          ETag: 0x8DBD59359A9E77B
                                                                          x-ms-request-id: 453f1ddb-801e-005f-6ffe-fa9af9000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240904T201607Z-16579567576phhfj0h0z9mnmag0000000b5g00000000qzg4
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 0
                                                                          X-Cache-Info: L1_T2
                                                                          X-Cache: TCP_HIT
                                                                          Accept-Ranges: bytes


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          13 | 192.168.2.4 | 49774 | 13.107.246.40 | 443 | 7532 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-04 20:16:07 UTC | 425 | OUT | GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-04 20:16:08 UTC | 523 | IN | HTTP/1.1 200 OK
                                                                          Date: Wed, 04 Sep 2024 20:16:08 GMT
                                                                          Content-Type: image/png
                                                                          Content-Length: 1154
                                                                          Connection: close
                                                                          Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT
                                                                          ETag: 0x8DBD5935D5B3965
                                                                          x-ms-request-id: d980f417-701e-004a-5a07-ff5860000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240904T201607Z-16579567576vmrmh31x74mnmgs000000030000000000tqu9
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 69316365
                                                                          X-Cache: TCP_MISS
                                                                          Accept-Ranges: bytes


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          14 | 192.168.2.4 | 49773 | 184.28.90.27 | 443 | |
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-04 20:16:07 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                                          Connection: Keep-Alive
                                                                          Accept: */*
                                                                          Accept-Encoding: identity
                                                                          User-Agent: Microsoft BITS/7.8
                                                                          Host: fs.microsoft.com
                                                                          2024-09-04 20:16:07 UTC | 467 | IN | HTTP/1.1 200 OK
                                                                          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                          Content-Type: application/octet-stream
                                                                          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                          Server: ECAcc (lpl/EF67)
                                                                          X-CID: 11
                                                                          X-Ms-ApiVersion: Distribute 1.2
                                                                          X-Ms-Region: prod-weu-z1
                                                                          Cache-Control: public, max-age=160173
                                                                          Date: Wed, 04 Sep 2024 20:16:07 GMT
                                                                          Connection: close
                                                                          X-CID: 2


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          15 | 192.168.2.4 | 49781 | 142.250.65.206 | 443 | 7532 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-04 20:16:07 UTC | 579 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                          Host: play.google.com
                                                                          Connection: keep-alive
                                                                          Accept: */*
                                                                          Access-Control-Request-Method: POST
                                                                          Access-Control-Request-Headers: x-goog-authuser
                                                                          Origin: https://accounts.google.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Sec-Fetch-Mode: cors
                                                                          Sec-Fetch-Site: same-site
                                                                          Sec-Fetch-Dest: empty
                                                                          Referer: https://accounts.google.com/
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-04 20:16:08 UTC | 520 | IN | HTTP/1.1 200 OK
                                                                          Access-Control-Allow-Origin: https://accounts.google.com
                                                                          Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                          Access-Control-Max-Age: 86400
                                                                          Access-Control-Allow-Credentials: true
                                                                          Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                                          Content-Type: text/plain; charset=UTF-8
                                                                          Date: Wed, 04 Sep 2024 20:16:08 GMT
                                                                          Server: Playlog
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          16 | 192.168.2.4 | 49780 | 142.250.65.206 | 443 | 7532 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-04 20:16:07 UTC | 579 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                          Host: play.google.com
                                                                          Connection: keep-alive
                                                                          Accept: */*
                                                                          Access-Control-Request-Method: POST
                                                                          Access-Control-Request-Headers: x-goog-authuser
                                                                          Origin: https://accounts.google.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Sec-Fetch-Mode: cors
                                                                          Sec-Fetch-Site: same-site
                                                                          Sec-Fetch-Dest: empty
                                                                          Referer: https://accounts.google.com/
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-04 20:16:08 UTC | 520 | IN | HTTP/1.1 200 OK
                                                                          Access-Control-Allow-Origin: https://accounts.google.com
                                                                          Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                          Access-Control-Max-Age: 86400
                                                                          Access-Control-Allow-Credentials: true
                                                                          Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                                          Content-Type: text/plain; charset=UTF-8
                                                                          Date: Wed, 04 Sep 2024 20:16:08 GMT
                                                                          Server: Playlog
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          17 | 192.168.2.4 | 49782 | 142.251.40.164 | 443 | 7532 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-04 20:16:08 UTC | 899 | OUT | GET /favicon.ico HTTP/1.1
                                                                          Host: www.google.com
                                                                          Connection: keep-alive
                                                                          sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                          sec-ch-ua-mobile: ?0
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          sec-ch-ua-arch: "x86"
                                                                          sec-ch-ua-full-version: "117.0.2045.47"
                                                                          sec-ch-ua-platform-version: "10.0.0"
                                                                          sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                                          sec-ch-ua-bitness: "64"
                                                                          sec-ch-ua-model: ""
                                                                          sec-ch-ua-wow64: ?0
                                                                          sec-ch-ua-platform: "Windows"
                                                                          Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                          Sec-Fetch-Site: same-site
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: image
                                                                          Referer: https://accounts.google.com/
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-04 20:16:08 UTC | 705 | IN | HTTP/1.1 200 OK
                                                                          Accept-Ranges: bytes
                                                                          Cross-Origin-Resource-Policy: cross-origin
                                                                          Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                                          Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                                          Content-Length: 5430
                                                                          X-Content-Type-Options: nosniff
                                                                          Server: sffe
                                                                          X-XSS-Protection: 0
                                                                          Date: Wed, 04 Sep 2024 19:39:15 GMT
                                                                          Expires: Thu, 12 Sep 2024 19:39:15 GMT
                                                                          Cache-Control: public, max-age=691200
                                                                          Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                                          Content-Type: image/x-icon
                                                                          Vary: Accept-Encoding
                                                                          Age: 2213
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          18 | 192.168.2.4 | 49783 | 13.107.246.40 | 443 | 7532 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-04 20:16:08 UTC | 431 | OUT | GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-04 20:16:08 UTC | 543 | IN | HTTP/1.1 200 OK
                                                                          Date: Wed, 04 Sep 2024 20:16:08 GMT
                                                                          Content-Type: image/png
                                                                          Content-Length: 1468
                                                                          Connection: close
                                                                          Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT
                                                                          ETag: 0x8DBDCB5E23DFC43
                                                                          x-ms-request-id: f8a0931b-601e-0038-3afc-fe295e000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240904T201608Z-16579567576rhxz5kgqdm3tfq00000000be000000000fuw8
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 69316365
                                                                          X-Cache: TCP_HIT
                                                                          X-Cache-Info: L1_T2
                                                                          Accept-Ranges: bytes


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          19 | 192.168.2.4 | 49784 | 184.28.90.27 | 443 | |
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-04 20:16:08 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                                          Connection: Keep-Alive
                                                                          Accept: */*
                                                                          Accept-Encoding: identity
                                                                          If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                          Range: bytes=0-2147483646
                                                                          User-Agent: Microsoft BITS/7.8
                                                                          Host: fs.microsoft.com
                                                                          2024-09-04 20:16:09 UTC | 515 | IN | HTTP/1.1 200 OK
                                                                          ApiVersion: Distribute 1.1
                                                                          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                          Content-Type: application/octet-stream
                                                                          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                          Server: ECAcc (lpl/EF06)
                                                                          X-CID: 11
                                                                          X-Ms-ApiVersion: Distribute 1.2
                                                                          X-Ms-Region: prod-weu-z1
                                                                          Cache-Control: public, max-age=160226
                                                                          Date: Wed, 04 Sep 2024 20:16:08 GMT
                                                                          Content-Length: 55
                                                                          Connection: close
                                                                          X-CID: 2
                                                                          2024-09-04 20:16:09 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                                          Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          20 | 192.168.2.4 | 49787 | 142.250.81.234 | 443 | 7532 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-04 20:16:09 UTC | 448 | OUT | POST /chromewebstore/v1.1/items/verify HTTP/1.1
                                                                          Host: www.googleapis.com
                                                                          Connection: keep-alive
                                                                          Content-Length: 119
                                                                          Content-Type: application/json
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-04 20:16:09 UTC | 119 | OUT | Data Raw: 7b 22 68 61 73 68 22 3a 22 42 58 6b 76 37 58 4c 6c 4d 63 64 37 57 4b 48 45 68 69 56 31 36 2f 71 55 72 59 68 75 6f 4c 45 45 49 6e 35 62 50 6c 35 4a 59 71 77 3d 22 2c 22 69 64 73 22 3a 5b 22 67 68 62 6d 6e 6e 6a 6f 6f 65 6b 70 6d 6f 65 63 6e 6e 6e 69 6c 6e 6e 62 64 6c 6f 6c 68 6b 68 69 22 5d 2c 22 70 72 6f 74 6f 63 6f 6c 5f 76 65 72 73 69 6f 6e 22 3a 31 7d
                                                                          Data Ascii: {"hash":"BXkv7XLlMcd7WKHEhiV16/qUrYhuoLEEIn5bPl5JYqw=","ids":["ghbmnnjooekpmoecnnnilnnbdlolhkhi"],"protocol_version":1}
                                                                          2024-09-04 20:16:09 UTC | 341 | IN | HTTP/1.1 200 OK
                                                                          Content-Type: application/json; charset=UTF-8
                                                                          Vary: Origin
                                                                          Vary: X-Origin
                                                                          Vary: Referer
                                                                          Date: Wed, 04 Sep 2024 20:16:09 GMT
                                                                          Server: ESF
                                                                          Content-Length: 483
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          21 | 192.168.2.4 | 49788 | 40.127.169.103 | 443 | |
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-04 20:16:14 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=44Ap4U4Vt2uZA1A&MD=yAEX6kug HTTP/1.1
                                                                          Connection: Keep-Alive
                                                                          Accept: */*
                                                                          User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                          Host: slscr.update.microsoft.com
                                                                          2024-09-04 20:16:15 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Content-Type: application/octet-stream
                                                                          Expires: -1
                                                                          Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                          ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                          MS-CorrelationId: b10eeeb2-d3bf-4fd7-8422-fad6cef8c8f6
                                                                          MS-RequestId: 11c71a75-88b8-4d4b-9083-ed6d2be5c68b
                                                                          MS-CV: EGTBzDFnDUiQ9ISb.0
                                                                          X-Microsoft-SLSClientCache: 2880
                                                                          Content-Disposition: attachment; filename=environment.cab
                                                                          X-Content-Type-Options: nosniff
                                                                          Date: Wed, 04 Sep 2024 20:16:14 GMT
                                                                          Connection: close
                                                                          Content-Length: 24490


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          22 | 192.168.2.4 | 49794 | 152.195.19.97 | 443 | 7532 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-04 20:16:20 UTC | 620 | OUT | GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1726085762&P2=404&P3=2&P4=bKK1RGo50h%2bFPf%2b%2f17tl%2bR9RTyRLb4zh96IDhlKMYbmTXQYGik34zlBh7s9pU0owiycjYnsN2e72XcvhHlNXng%3d%3d HTTP/1.1
                                                                          Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                                                                          Connection: keep-alive
                                                                          MS-CV: /7KUNmO5hnI60c14lLNdYy
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-04 20:16:21 UTC | 632 | IN | HTTP/1.1 200 OK
                                                                          Accept-Ranges: bytes
                                                                          Age: 5407511
                                                                          Cache-Control: public, max-age=17280000
                                                                          Content-Type: application/x-chrome-extension
                                                                          Date: Wed, 04 Sep 2024 20:16:20 GMT
                                                                          Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8="
                                                                          Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT
                                                                          MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31
                                                                          MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0
                                                                          MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4
                                                                          Server: ECAcc (nyd/D11E)
                                                                          X-AspNet-Version: 4.0.30319
                                                                          X-AspNetMvc-Version: 5.3
                                                                          X-Cache: HIT
                                                                          X-CCC: US
                                                                          X-CID: 11
                                                                          X-Powered-By: ASP.NET
                                                                          X-Powered-By: ARR/3.0
                                                                          X-Powered-By: ASP.NET
                                                                          Content-Length: 11185
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          23 | 192.168.2.4 | 49810 | 40.127.169.103 | 443 | 7532 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-04 20:16:53 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=44Ap4U4Vt2uZA1A&MD=yAEX6kug HTTP/1.1
                                                                          Connection: Keep-Alive
                                                                          Accept: */*
                                                                          User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                          Host: slscr.update.microsoft.com
                                                                          2024-09-04 20:16:54 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Content-Type: application/octet-stream
                                                                          Expires: -1
                                                                          Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                          ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                          MS-CorrelationId: be0d04d0-59f4-4901-b535-6e23f194eed3
                                                                          MS-RequestId: cd901d23-c5c7-4b9c-801b-fd11cafb859d
                                                                          MS-CV: qj5cIeAWF0GIKNV6.0
                                                                          X-Microsoft-SLSClientCache: 1440
                                                                          Content-Disposition: attachment; filename=environment.cab
                                                                          X-Content-Type-Options: nosniff
                                                                          Date: Wed, 04 Sep 2024 20:16:53 GMT
                                                                          Connection: close
                                                                          Content-Length: 30005


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          24 | 192.168.2.4 | 49812 | 23.219.161.132 | 443 | 7532 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-04 20:17:02 UTC | 442 | OUT | OPTIONS /api/report?cat=bingbusiness HTTP/1.1
                                                                          Host: bzib.nelreports.net
                                                                          Connection: keep-alive
                                                                          Origin: https://business.bing.com
                                                                          Access-Control-Request-Method: POST
                                                                          Access-Control-Request-Headers: content-type
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-04 20:17:07 UTC | 360 | IN | HTTP/1.1 200 OK
                                                                          Content-Length: 0
                                                                          Access-Control-Allow-Headers: content-type
                                                                          Date: Wed, 04 Sep 2024 20:17:07 GMT
                                                                          Connection: close
                                                                          PMUSER_FORMAT_QS:
                                                                          X-CDN-TraceId: 0.84112317.1725481022.ef96546
                                                                          Access-Control-Allow-Credentials: false
                                                                          Access-Control-Allow-Methods: *
                                                                          Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                                          Access-Control-Allow-Origin: *


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          25 | 192.168.2.4 | 49816 | 23.219.161.13 | 443 | 7532 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-04 20:17:08 UTC | 382 | OUT | POST /api/report?cat=bingbusiness HTTP/1.1
                                                                          Host: bzib.nelreports.net
                                                                          Connection: keep-alive
                                                                          Content-Length: 475
                                                                          Content-Type: application/reports+json
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-04 20:17:08 UTC | 475 | OUT | Data Ascii: [{"age":60007,"body":{"elapsed_time":1481,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"13.107.6.158","status_code":401,"type":"http.error"},"type":"network-error","url":"https://business.bin
                                                                          2024-09-04 20:17:08 UTC | 378 | IN | HTTP/1.1 503 Service Unavailable
                                                                          Content-Length: 326
                                                                          Content-Type: text/html; charset=us-ascii
                                                                          Date: Wed, 04 Sep 2024 20:17:08 GMT
                                                                          Connection: close
                                                                          PMUSER_FORMAT_QS:
                                                                          X-CDN-TraceId: 0.84112317.1725481028.ef98415
                                                                          Access-Control-Allow-Credentials: false
                                                                          Access-Control-Allow-Methods: *
                                                                          Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                                          Access-Control-Allow-Origin: *
                                                                          2024-09-04 20:17:08 UTC | 326 | IN | Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Service Unavailable</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Service Unavailable</h2><


                                                                          Target ID:0
                                                                          Start time:16:15:54
                                                                          Start date:04/09/2024
                                                                          Path:C:\Users\user\Desktop\file.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Users\user\Desktop\file.exe"
                                                                          Imagebase:0x740000
                                                                          File size:917'504 bytes
                                                                          MD5 hash:067CD464A3B3FD735086E5CF38135190
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:low
                                                                          Has exited:true

                                                                          Target ID:1
                                                                          Start time:16:15:55
                                                                          Start date:04/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          Target ID:2
                                                                          Start time:16:15:55
                                                                          Start date:04/09/2024
                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                          Imagebase:0x7ff6bf500000
                                                                          File size:676'768 bytes
                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Target ID:4
                                                                          Start time:16:15:55
                                                                          Start date:04/09/2024
                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
                                                                          Imagebase:0x7ff6bf500000
                                                                          File size:676'768 bytes
                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Target ID:5
                                                                          Start time:16:15:56
                                                                          Start date:04/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=1988,i,1271738276480528832,4553213145392779681,262144 /prefetch:3
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          Target ID:6
                                                                          Start time:16:15:56
                                                                          Start date:04/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:false

                                                                          Target ID:7
                                                                          Start time:16:15:56
                                                                          Start date:04/09/2024
                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                          Imagebase:0x7ff6bf500000
                                                                          File size:676'768 bytes
                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:false

                                                                          Target ID:8
                                                                          Start time:16:15:56
                                                                          Start date:04/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=2112,i,1213098958873801245,13367766676746776756,262144 /prefetch:3
                                                                          Imagebase:0x970000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:false

                                                                          Target ID:10
                                                                          Start time:16:16:00
                                                                          Start date:04/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6612 --field-trial-handle=2112,i,1213098958873801245,13367766676746776756,262144 /prefetch:8
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          Target ID:11
                                                                          Start time:16:16:00
                                                                          Start date:04/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6792 --field-trial-handle=2112,i,1213098958873801245,13367766676746776756,262144 /prefetch:8
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          Target ID:12
                                                                          Start time:16:16:01
                                                                          Start date:04/09/2024
                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2232 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad1584df-582f-496e-af0b-964d90181397} 7228 "\\.\pipe\gecko-crash-server-pipe.7228" 25460f69310 socket
                                                                          Imagebase:0x7ff6bf500000
                                                                          File size:676'768 bytes
                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:false

                                                                          Target ID:15
                                                                          Start time:16:16:03
                                                                          Start date:04/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6360 --field-trial-handle=2112,i,1213098958873801245,13367766676746776756,262144 /prefetch:8
                                                                          Imagebase:0x7ff70f050000
                                                                          File size:1'255'976 bytes
                                                                          MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          Target ID:16
                                                                          Start time:16:16:03
                                                                          Start date:04/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6360 --field-trial-handle=2112,i,1213098958873801245,13367766676746776756,262144 /prefetch:8
                                                                          Imagebase:0x7ff70f050000
                                                                          File size:1'255'976 bytes
                                                                          MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          Target ID:17
                                                                          Start time:16:16:04
                                                                          Start date:04/09/2024
                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4496 -parentBuildID 20230927232528 -prefsHandle 4356 -prefMapHandle 4360 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6502ddd-fe90-4b0f-af1c-6f48a17acc75} 7228 "\\.\pipe\gecko-crash-server-pipe.7228" 25473238b10 rdd
                                                                          Imagebase:0x7ff6bf500000
                                                                          File size:676'768 bytes
                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:false

                                                                          Target ID:19
                                                                          Start time:16:16:14
                                                                          Start date:04/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:20
                                                                          Start time:16:16:15
                                                                          Start date:04/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1736 --field-trial-handle=2056,i,17931448310344112427,16031678975376924167,262144 /prefetch:3
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:23
                                                                          Start time:16:16:22
                                                                          Start date:04/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:24
                                                                          Start time:16:16:23
                                                                          Start date:04/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2136,i,15837944126860083390,5752980897279623933,262144 /prefetch:3
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:25
                                                                          Start time:16:16:57
                                                                          Start date:04/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6924 --field-trial-handle=2112,i,1213098958873801245,13367766676746776756,262144 /prefetch:8
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:false

                                                                            Execution Graph

                                                                            Execution Coverage:2%
                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                            Signature Coverage:5%
                                                                            Total number of Nodes:1406
                                                                            Total number of Limit Nodes:37
75fe0b 22 API calls 94973->94977 94982 74c808 __fread_nolock 94977->94982 94979 7904f5 94983 79055a 94979->94983 95046 75d217 185 API calls 94979->95046 94988 75fe0b 22 API calls 94982->94988 94983->94972 95047 7b359c 82 API calls __wsopen_s 94983->95047 94984 74ec40 185 API calls 95002 74c039 __fread_nolock messages 94984->95002 94985 74af8a 22 API calls 94985->95002 94986 7a7120 22 API calls 94986->95002 94987 79091a 95057 7b3209 23 API calls 94987->95057 94991 74c350 __fread_nolock messages 94988->94991 95003 74c3ac 94991->95003 95043 75ce17 22 API calls messages 94991->95043 94992 7908a5 94993 74ec40 185 API calls 94992->94993 94995 7908cf 94993->94995 94995->94972 95055 74a81b 41 API calls 94995->95055 94996 790591 95048 7b359c 82 API calls __wsopen_s 94996->95048 94997 7908f6 95056 7b359c 82 API calls __wsopen_s 94997->95056 95002->94972 95002->94973 95002->94979 95002->94982 95002->94983 95002->94984 95002->94985 95002->94986 95002->94987 95002->94992 95002->94996 95002->94997 95004 74c237 95002->95004 95011 75fddb 22 API calls 95002->95011 95014 7909bf 95002->95014 95017 74bbe0 40 API calls 95002->95017 95019 75fe0b 22 API calls 95002->95019 95034 74ad81 95002->95034 95049 7a7099 22 API calls __fread_nolock 95002->95049 95050 7c5745 54 API calls _wcslen 95002->95050 95051 75aa42 22 API calls messages 95002->95051 95052 7af05c 40 API calls 95002->95052 95053 74a993 41 API calls 95002->95053 95054 74aceb 23 API calls messages 95002->95054 95003->94950 95007 74c253 95004->95007 95058 74a8c7 22 API calls __fread_nolock 95004->95058 95008 790976 95007->95008 95012 74c297 messages 95007->95012 95059 74aceb 23 API calls messages 95008->95059 95011->95002 95012->95014 95041 74aceb 23 API calls messages 95012->95041 95014->94972 95060 7b359c 82 API calls __wsopen_s 95014->95060 95015 74c335 95015->95014 95016 74c342 95015->95016 95042 74a704 22 API calls messages 95016->95042 95017->95002 95019->95002 95020->94949 95021->94945 95022->94952 95023->94961 95024->94961 
95026 74ae01 95025->95026 95029 74ae1c messages 95025->95029 95027 74aec9 22 API calls 95026->95027 95028 74ae09 CharUpperBuffW 95027->95028 95028->95029 95029->94964 95031 74acae 95030->95031 95032 74acd1 95031->95032 95061 7b359c 82 API calls __wsopen_s 95031->95061 95032->95002 95035 78fadb 95034->95035 95036 74ad92 95034->95036 95037 75fddb 22 API calls 95036->95037 95038 74ad99 95037->95038 95062 74adcd 95038->95062 95041->95015 95042->94991 95043->94991 95044->94967 95045->94972 95046->94983 95047->94972 95048->94972 95049->95002 95050->95002 95051->95002 95052->95002 95053->95002 95054->95002 95055->94997 95056->94972 95057->95004 95058->95007 95059->95014 95060->94972 95061->95032 95065 74addd 95062->95065 95063 74adb6 95063->95002 95064 75fddb 22 API calls 95064->95065 95065->95063 95065->95064 95066 74a961 22 API calls 95065->95066 95068 74adcd 22 API calls 95065->95068 95069 74a8c7 22 API calls __fread_nolock 95065->95069 95066->95065 95068->95065 95069->95065 95070 741098 95075 7442de 95070->95075 95074 7410a7 95076 74a961 22 API calls 95075->95076 95077 7442f5 GetVersionExW 95076->95077 95078 746b57 22 API calls 95077->95078 95079 744342 95078->95079 95080 7493b2 22 API calls 95079->95080 95084 744378 95079->95084 95081 74436c 95080->95081 95083 7437a0 22 API calls 95081->95083 95082 74441b GetCurrentProcess IsWow64Process 95085 744437 95082->95085 95083->95084 95084->95082 95091 7837df 95084->95091 95086 74444f LoadLibraryA 95085->95086 95087 783824 GetSystemInfo 95085->95087 95088 744460 GetProcAddress 95086->95088 95089 74449c GetSystemInfo 95086->95089 95088->95089 95092 744470 GetNativeSystemInfo 95088->95092 95090 744476 95089->95090 95093 74109d 95090->95093 95094 74447a FreeLibrary 95090->95094 95092->95090 95095 7600a3 29 API calls __onexit 95093->95095 95094->95093 95095->95074 95096 7603fb 95097 760407 BuildCatchObjectHelperInternal 95096->95097 95125 75feb1 95097->95125 95099 76040e 95100 760561 95099->95100 95103 760438 95099->95103 95155 
76083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 95100->95155 95102 760568 95148 764e52 95102->95148 95114 760477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 95103->95114 95136 77247d 95103->95136 95110 760457 95112 7604d8 95144 760959 95112->95144 95114->95112 95151 764e1a 38 API calls 3 library calls 95114->95151 95116 7604de 95117 7604f3 95116->95117 95152 760992 GetModuleHandleW 95117->95152 95119 7604fa 95119->95102 95120 7604fe 95119->95120 95121 760507 95120->95121 95153 764df5 28 API calls _abort 95120->95153 95154 760040 13 API calls 2 library calls 95121->95154 95124 76050f 95124->95110 95126 75feba 95125->95126 95157 760698 IsProcessorFeaturePresent 95126->95157 95128 75fec6 95158 762c94 10 API calls 3 library calls 95128->95158 95130 75fecb 95131 75fecf 95130->95131 95159 772317 95130->95159 95131->95099 95134 75fee6 95134->95099 95137 772494 95136->95137 95138 760a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 95137->95138 95139 760451 95138->95139 95139->95110 95140 772421 95139->95140 95141 772450 95140->95141 95142 760a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 95141->95142 95143 772479 95142->95143 95143->95114 95218 762340 95144->95218 95147 76097f 95147->95116 95220 764bcf 95148->95220 95151->95112 95152->95119 95153->95121 95154->95124 95155->95102 95157->95128 95158->95130 95163 77d1f6 95159->95163 95162 762cbd 8 API calls 3 library calls 95162->95131 95164 77d213 95163->95164 95167 77d20f 95163->95167 95164->95167 95169 774bfb 95164->95169 95166 75fed8 95166->95134 95166->95162 95181 760a8c 95167->95181 95170 774c07 BuildCatchObjectHelperInternal 95169->95170 95188 772f5e EnterCriticalSection 95170->95188 95172 774c0e 95189 7750af 95172->95189 95174 774c1d 95175 774c2c 95174->95175 95202 774a8f 29 API calls 95174->95202 95204 774c48 LeaveCriticalSection _abort 95175->95204 95178 774c27 95203 774b45 
GetStdHandle GetFileType 95178->95203 95179 774c3d __wsopen_s 95179->95164 95182 760a97 IsProcessorFeaturePresent 95181->95182 95183 760a95 95181->95183 95185 760c5d 95182->95185 95183->95166 95217 760c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 95185->95217 95187 760d40 95187->95166 95188->95172 95190 7750bb BuildCatchObjectHelperInternal 95189->95190 95191 7750df 95190->95191 95192 7750c8 95190->95192 95205 772f5e EnterCriticalSection 95191->95205 95213 76f2d9 20 API calls _free 95192->95213 95195 7750cd 95214 7727ec 26 API calls __cftof 95195->95214 95197 775117 95215 77513e LeaveCriticalSection _abort 95197->95215 95198 7750d7 __wsopen_s 95198->95174 95199 7750eb 95199->95197 95206 775000 95199->95206 95202->95178 95203->95175 95204->95179 95205->95199 95207 774c7d BuildCatchObjectHelperInternal 20 API calls 95206->95207 95208 775012 95207->95208 95212 77501f 95208->95212 95216 773405 11 API calls 2 library calls 95208->95216 95209 7729c8 _free 20 API calls 95210 775071 95209->95210 95210->95199 95212->95209 95213->95195 95214->95198 95215->95198 95216->95208 95217->95187 95219 76096c GetStartupInfoW 95218->95219 95219->95147 95221 764bdb BuildCatchObjectHelperInternal 95220->95221 95222 764bf4 95221->95222 95223 764be2 95221->95223 95244 772f5e EnterCriticalSection 95222->95244 95259 764d29 GetModuleHandleW 95223->95259 95226 764be7 95226->95222 95260 764d6d GetModuleHandleExW 95226->95260 95231 764bfb 95235 764c70 95231->95235 95243 764c99 95231->95243 95245 7721a8 95231->95245 95232 764cb6 95251 764ce8 95232->95251 95233 764ce2 95268 781d29 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 95233->95268 95234 764c88 95240 772421 _abort 5 API calls 95234->95240 95235->95234 95239 772421 _abort 5 API calls 95235->95239 95239->95234 95240->95243 95248 764cd9 95243->95248 95244->95231 95269 771ee1 95245->95269 95288 772fa6 LeaveCriticalSection 95248->95288 95250 764cb2 95250->95232 95250->95233 95289 
77360c 95251->95289 95254 764d16 95256 764d6d _abort 8 API calls 95254->95256 95255 764cf6 GetPEB 95255->95254 95257 764d06 GetCurrentProcess TerminateProcess 95255->95257 95258 764d1e ExitProcess 95256->95258 95257->95254 95259->95226 95261 764d97 GetProcAddress 95260->95261 95262 764dba 95260->95262 95267 764dac 95261->95267 95263 764dc0 FreeLibrary 95262->95263 95264 764dc9 95262->95264 95263->95264 95265 760a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 95264->95265 95266 764bf3 95265->95266 95266->95222 95267->95262 95272 771e90 95269->95272 95271 771f05 95271->95235 95273 771e9c BuildCatchObjectHelperInternal 95272->95273 95280 772f5e EnterCriticalSection 95273->95280 95275 771eaa 95281 771f31 95275->95281 95279 771ec8 __wsopen_s 95279->95271 95280->95275 95282 771f51 95281->95282 95285 771f59 95281->95285 95283 760a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 95282->95283 95284 771eb7 95283->95284 95287 771ed5 LeaveCriticalSection _abort 95284->95287 95285->95282 95286 7729c8 _free 20 API calls 95285->95286 95286->95282 95287->95279 95288->95250 95290 773627 95289->95290 95291 773631 95289->95291 95293 760a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 95290->95293 95296 772fd7 5 API calls 2 library calls 95291->95296 95294 764cf2 95293->95294 95294->95254 95294->95255 95295 773648 95295->95290 95296->95295 95297 74105b 95302 74344d 95297->95302 95299 74106a 95333 7600a3 29 API calls __onexit 95299->95333 95301 741074 95303 74345d __wsopen_s 95302->95303 95304 74a961 22 API calls 95303->95304 95305 743513 95304->95305 95306 743a5a 24 API calls 95305->95306 95307 74351c 95306->95307 95334 743357 95307->95334 95310 7433c6 22 API calls 95311 743535 95310->95311 95312 74515f 22 API calls 95311->95312 95313 743544 95312->95313 95314 74a961 22 API calls 95313->95314 95315 74354d 95314->95315 95316 74a6c3 22 API calls 95315->95316 95317 743556 RegOpenKeyExW 95316->95317 95318 783176 
RegQueryValueExW 95317->95318 95322 743578 95317->95322 95319 78320c RegCloseKey 95318->95319 95320 783193 95318->95320 95319->95322 95332 78321e _wcslen 95319->95332 95321 75fe0b 22 API calls 95320->95321 95323 7831ac 95321->95323 95322->95299 95324 745722 22 API calls 95323->95324 95325 7831b7 RegQueryValueExW 95324->95325 95326 7831d4 95325->95326 95329 7831ee messages 95325->95329 95327 746b57 22 API calls 95326->95327 95327->95329 95328 744c6d 22 API calls 95328->95332 95329->95319 95330 749cb3 22 API calls 95330->95332 95331 74515f 22 API calls 95331->95332 95332->95322 95332->95328 95332->95330 95332->95331 95333->95301 95335 781f50 __wsopen_s 95334->95335 95336 743364 GetFullPathNameW 95335->95336 95337 743386 95336->95337 95338 746b57 22 API calls 95337->95338 95339 7433a4 95338->95339 95339->95310 95340 741044 95345 7410f3 95340->95345 95342 74104a 95381 7600a3 29 API calls __onexit 95342->95381 95344 741054 95382 741398 95345->95382 95349 74116a 95350 74a961 22 API calls 95349->95350 95351 741174 95350->95351 95352 74a961 22 API calls 95351->95352 95353 74117e 95352->95353 95354 74a961 22 API calls 95353->95354 95355 741188 95354->95355 95356 74a961 22 API calls 95355->95356 95357 7411c6 95356->95357 95358 74a961 22 API calls 95357->95358 95359 741292 95358->95359 95392 74171c 95359->95392 95363 7412c4 95364 74a961 22 API calls 95363->95364 95365 7412ce 95364->95365 95366 751940 9 API calls 95365->95366 95367 7412f9 95366->95367 95413 741aab 95367->95413 95369 741315 95370 741325 GetStdHandle 95369->95370 95371 782485 95370->95371 95372 74137a 95370->95372 95371->95372 95373 78248e 95371->95373 95375 741387 OleInitialize 95372->95375 95374 75fddb 22 API calls 95373->95374 95376 782495 95374->95376 95375->95342 95420 7b011d InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 95376->95420 95378 78249e 95421 7b0944 CreateThread 95378->95421 95380 7824aa CloseHandle 95380->95372 95381->95344 95422 
7413f1 95382->95422 95385 7413f1 22 API calls 95386 7413d0 95385->95386 95387 74a961 22 API calls 95386->95387 95388 7413dc 95387->95388 95389 746b57 22 API calls 95388->95389 95390 741129 95389->95390 95391 741bc3 6 API calls 95390->95391 95391->95349 95393 74a961 22 API calls 95392->95393 95394 74172c 95393->95394 95395 74a961 22 API calls 95394->95395 95396 741734 95395->95396 95397 74a961 22 API calls 95396->95397 95398 74174f 95397->95398 95399 75fddb 22 API calls 95398->95399 95400 74129c 95399->95400 95401 741b4a 95400->95401 95402 741b58 95401->95402 95403 74a961 22 API calls 95402->95403 95404 741b63 95403->95404 95405 74a961 22 API calls 95404->95405 95406 741b6e 95405->95406 95407 74a961 22 API calls 95406->95407 95408 741b79 95407->95408 95409 74a961 22 API calls 95408->95409 95410 741b84 95409->95410 95411 75fddb 22 API calls 95410->95411 95412 741b96 RegisterWindowMessageW 95411->95412 95412->95363 95414 78272d 95413->95414 95415 741abb 95413->95415 95429 7b3209 23 API calls 95414->95429 95416 75fddb 22 API calls 95415->95416 95418 741ac3 95416->95418 95418->95369 95419 782738 95420->95378 95421->95380 95430 7b092a 28 API calls 95421->95430 95423 74a961 22 API calls 95422->95423 95424 7413fc 95423->95424 95425 74a961 22 API calls 95424->95425 95426 741404 95425->95426 95427 74a961 22 API calls 95426->95427 95428 7413c6 95427->95428 95428->95385 95429->95419 95431 778402 95436 7781be 95431->95436 95434 77842a 95441 7781ef try_get_first_available_module 95436->95441 95438 7783ee 95455 7727ec 26 API calls __cftof 95438->95455 95440 778343 95440->95434 95448 780984 95440->95448 95447 778338 95441->95447 95451 768e0b 40 API calls 2 library calls 95441->95451 95443 77838c 95443->95447 95452 768e0b 40 API calls 2 library calls 95443->95452 95445 7783ab 95445->95447 95453 768e0b 40 API calls 2 library calls 95445->95453 95447->95440 95454 76f2d9 20 API calls _free 95447->95454 95456 780081 95448->95456 95450 78099f 95450->95434 95451->95443 95452->95445 
95453->95447 95454->95438 95455->95440 95459 78008d BuildCatchObjectHelperInternal 95456->95459 95457 78009b 95513 76f2d9 20 API calls _free 95457->95513 95459->95457 95461 7800d4 95459->95461 95460 7800a0 95514 7727ec 26 API calls __cftof 95460->95514 95467 78065b 95461->95467 95465 7800aa __wsopen_s 95465->95450 95468 780678 95467->95468 95469 78068d 95468->95469 95470 7806a6 95468->95470 95530 76f2c6 20 API calls _free 95469->95530 95516 775221 95470->95516 95473 780692 95531 76f2d9 20 API calls _free 95473->95531 95474 7806ab 95475 7806cb 95474->95475 95476 7806b4 95474->95476 95529 78039a CreateFileW 95475->95529 95532 76f2c6 20 API calls _free 95476->95532 95480 7806b9 95533 76f2d9 20 API calls _free 95480->95533 95481 7800f8 95515 780121 LeaveCriticalSection __wsopen_s 95481->95515 95483 780781 GetFileType 95484 78078c GetLastError 95483->95484 95485 7807d3 95483->95485 95536 76f2a3 20 API calls 2 library calls 95484->95536 95538 77516a 21 API calls 3 library calls 95485->95538 95486 780756 GetLastError 95535 76f2a3 20 API calls 2 library calls 95486->95535 95488 780704 95488->95483 95488->95486 95534 78039a CreateFileW 95488->95534 95490 78079a CloseHandle 95490->95473 95492 7807c3 95490->95492 95537 76f2d9 20 API calls _free 95492->95537 95494 780749 95494->95483 95494->95486 95496 7807f4 95498 780840 95496->95498 95539 7805ab 72 API calls 4 library calls 95496->95539 95497 7807c8 95497->95473 95502 78086d 95498->95502 95540 78014d 72 API calls 4 library calls 95498->95540 95501 780866 95501->95502 95503 78087e 95501->95503 95504 7786ae __wsopen_s 29 API calls 95502->95504 95503->95481 95505 7808fc CloseHandle 95503->95505 95504->95481 95541 78039a CreateFileW 95505->95541 95507 780927 95508 780931 GetLastError 95507->95508 95512 78095d 95507->95512 95542 76f2a3 20 API calls 2 library calls 95508->95542 95510 78093d 95543 775333 21 API calls 3 library calls 95510->95543 95512->95481 95513->95460 95514->95465 95515->95465 95517 77522d 
BuildCatchObjectHelperInternal 95516->95517 95544 772f5e EnterCriticalSection 95517->95544 95519 77527b 95545 77532a 95519->95545 95520 775234 95520->95519 95521 775259 95520->95521 95526 7752c7 EnterCriticalSection 95520->95526 95523 775000 __wsopen_s 21 API calls 95521->95523 95525 77525e 95523->95525 95524 7752a4 __wsopen_s 95524->95474 95525->95519 95548 775147 EnterCriticalSection 95525->95548 95526->95519 95527 7752d4 LeaveCriticalSection 95526->95527 95527->95520 95529->95488 95530->95473 95531->95481 95532->95480 95533->95473 95534->95494 95535->95473 95536->95490 95537->95497 95538->95496 95539->95498 95540->95501 95541->95507 95542->95510 95543->95512 95544->95520 95549 772fa6 LeaveCriticalSection 95545->95549 95547 775331 95547->95524 95548->95519 95549->95547 95550 742de3 95551 742df0 __wsopen_s 95550->95551 95552 782c2b ___scrt_fastfail 95551->95552 95553 742e09 95551->95553 95555 782c47 GetOpenFileNameW 95552->95555 95554 743aa2 23 API calls 95553->95554 95556 742e12 95554->95556 95557 782c96 95555->95557 95566 742da5 95556->95566 95559 746b57 22 API calls 95557->95559 95561 782cab 95559->95561 95561->95561 95563 742e27 95584 7444a8 95563->95584 95567 781f50 __wsopen_s 95566->95567 95568 742db2 GetLongPathNameW 95567->95568 95569 746b57 22 API calls 95568->95569 95570 742dda 95569->95570 95571 743598 95570->95571 95572 74a961 22 API calls 95571->95572 95573 7435aa 95572->95573 95574 743aa2 23 API calls 95573->95574 95575 7435b5 95574->95575 95576 7832eb 95575->95576 95577 7435c0 95575->95577 95582 78330d 95576->95582 95619 75ce60 41 API calls 95576->95619 95579 74515f 22 API calls 95577->95579 95580 7435cc 95579->95580 95613 7435f3 95580->95613 95583 7435df 95583->95563 95585 744ecb 94 API calls 95584->95585 95586 7444cd 95585->95586 95587 783833 95586->95587 95588 744ecb 94 API calls 95586->95588 95589 7b2cf9 80 API calls 95587->95589 95590 7444e1 95588->95590 95591 783848 95589->95591 95590->95587 95592 7444e9 95590->95592 95593 783869 95591->95593 
95594 78384c 95591->95594 95597 7444f5 95592->95597 95598 783854 95592->95598 95596 75fe0b 22 API calls 95593->95596 95595 744f39 68 API calls 95594->95595 95595->95598 95609 7838ae 95596->95609 95620 74940c 136 API calls 2 library calls 95597->95620 95621 7ada5a 82 API calls 95598->95621 95601 783862 95601->95593 95602 742e31 95603 744f39 68 API calls 95606 783a5f 95603->95606 95606->95603 95627 7a989b 82 API calls __wsopen_s 95606->95627 95609->95606 95610 749cb3 22 API calls 95609->95610 95622 7a967e 22 API calls __fread_nolock 95609->95622 95623 7a95ad 42 API calls _wcslen 95609->95623 95624 7b0b5a 22 API calls 95609->95624 95625 74a4a1 22 API calls __fread_nolock 95609->95625 95626 743ff7 22 API calls 95609->95626 95610->95609 95614 743605 95613->95614 95618 743624 __fread_nolock 95613->95618 95617 75fe0b 22 API calls 95614->95617 95615 75fddb 22 API calls 95616 74363b 95615->95616 95616->95583 95617->95618 95618->95615 95619->95576 95620->95602 95621->95601 95622->95609 95623->95609 95624->95609 95625->95609 95626->95609 95627->95606 95628 792a00 95643 74d7b0 messages 95628->95643 95629 74db11 PeekMessageW 95629->95643 95630 74d807 GetInputState 95630->95629 95630->95643 95631 791cbe TranslateAcceleratorW 95631->95643 95633 74db8f PeekMessageW 95633->95643 95634 74da04 timeGetTime 95634->95643 95635 74db73 TranslateMessage DispatchMessageW 95635->95633 95636 74dbaf Sleep 95654 74dbc0 95636->95654 95637 792b74 Sleep 95637->95654 95638 75e551 timeGetTime 95638->95654 95639 791dda timeGetTime 95669 75e300 23 API calls 95639->95669 95640 7ad4dc 47 API calls 95640->95654 95642 792c0b GetExitCodeProcess 95644 792c21 WaitForSingleObject 95642->95644 95645 792c37 CloseHandle 95642->95645 95643->95629 95643->95630 95643->95631 95643->95633 95643->95634 95643->95635 95643->95636 95643->95637 95643->95639 95648 74d9d5 95643->95648 95656 74ec40 185 API calls 95643->95656 95657 751310 185 API calls 95643->95657 95658 74bf40 185 API calls 95643->95658 95660 74dd50 
95643->95660 95667 74dfd0 185 API calls 3 library calls 95643->95667 95668 75edf6 IsDialogMessageW GetClassLongW 95643->95668 95670 7b3a2a 23 API calls 95643->95670 95671 7b359c 82 API calls __wsopen_s 95643->95671 95644->95643 95644->95645 95645->95654 95646 792a31 95646->95648 95647 7d29bf GetForegroundWindow 95647->95654 95650 792ca9 Sleep 95650->95643 95654->95638 95654->95640 95654->95642 95654->95643 95654->95646 95654->95647 95654->95648 95654->95650 95672 7c5658 23 API calls 95654->95672 95673 7ae97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 95654->95673 95656->95643 95657->95643 95658->95643 95661 74dd6f 95660->95661 95662 74dd83 95660->95662 95674 74d260 95661->95674 95706 7b359c 82 API calls __wsopen_s 95662->95706 95665 74dd7a 95665->95643 95666 792f75 95666->95666 95667->95643 95668->95643 95669->95643 95670->95643 95671->95643 95672->95654 95673->95654 95675 74ec40 185 API calls 95674->95675 95685 74d29d 95675->95685 95676 791bc4 95713 7b359c 82 API calls __wsopen_s 95676->95713 95678 74d6d5 95680 74d30b messages 95678->95680 95691 75fe0b 22 API calls 95678->95691 95679 74d3c3 95679->95678 95682 74d3ce 95679->95682 95680->95665 95681 74d5ff 95683 74d614 95681->95683 95684 791bb5 95681->95684 95687 75fddb 22 API calls 95682->95687 95688 75fddb 22 API calls 95683->95688 95712 7c5705 23 API calls 95684->95712 95685->95676 95685->95678 95685->95679 95685->95680 95686 74d4b8 95685->95686 95690 75fddb 22 API calls 95685->95690 95701 74d429 __fread_nolock messages 95685->95701 95692 75fe0b 22 API calls 95686->95692 95694 74d3d5 __fread_nolock 95687->95694 95699 74d46a 95688->95699 95690->95685 95691->95694 95692->95701 95693 75fddb 22 API calls 95695 74d3f6 95693->95695 95694->95693 95694->95695 95695->95701 95707 74bec0 185 API calls 95695->95707 95697 791ba4 95711 7b359c 82 API calls __wsopen_s 95697->95711 95699->95665 95701->95681 95701->95697 95701->95699 95702 791b7f 95701->95702 95704 791b5d 95701->95704 
95708 741f6f 185 API calls 95701->95708 95710 7b359c 82 API calls __wsopen_s 95702->95710 95709 7b359c 82 API calls __wsopen_s 95704->95709 95706->95666 95707->95701 95708->95701 95709->95699 95710->95699 95711->95699 95712->95676 95713->95680 95714 741cad SystemParametersInfoW 95715 782402 95718 741410 95715->95718 95719 7824b8 DestroyWindow 95718->95719 95720 74144f mciSendStringW 95718->95720 95732 7824c4 95719->95732 95721 7416c6 95720->95721 95722 74146b 95720->95722 95721->95722 95724 7416d5 UnregisterHotKey 95721->95724 95723 741479 95722->95723 95722->95732 95751 74182e 95723->95751 95724->95721 95726 782509 95733 78252d 95726->95733 95734 78251c FreeLibrary 95726->95734 95727 7824d8 95727->95732 95757 746246 CloseHandle 95727->95757 95728 7824e2 FindClose 95728->95732 95731 74148e 95731->95733 95739 74149c 95731->95739 95732->95726 95732->95727 95732->95728 95735 782541 VirtualFree 95733->95735 95742 741509 95733->95742 95734->95726 95735->95733 95736 7414f8 OleUninitialize 95736->95742 95737 741514 95741 741524 95737->95741 95738 782589 95744 782598 messages 95738->95744 95758 7b32eb 6 API calls messages 95738->95758 95739->95736 95755 741944 VirtualFreeEx CloseHandle 95741->95755 95742->95737 95742->95738 95747 782627 95744->95747 95759 7a64d4 22 API calls messages 95744->95759 95746 74153a 95746->95744 95748 74161f 95746->95748 95747->95747 95748->95747 95756 741876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject 95748->95756 95750 7416c1 95752 74183b 95751->95752 95753 741480 95752->95753 95760 7a702a 22 API calls 95752->95760 95753->95726 95753->95731 95755->95746 95756->95750 95757->95727 95758->95738 95759->95744 95760->95752 95761 782ba5 95762 742b25 95761->95762 95763 782baf 95761->95763 95789 742b83 7 API calls 95762->95789 95765 743a5a 24 API calls 95763->95765 95767 782bb8 95765->95767 95769 749cb3 22 API calls 95767->95769 95771 782bc6 95769->95771 95770 742b2f 95775 743837 49 API calls 95770->95775 95780 742b44 
95770->95780 95772 782bce 95771->95772 95773 782bf5 95771->95773 95776 7433c6 22 API calls 95772->95776 95774 7433c6 22 API calls 95773->95774 95778 782bf1 GetForegroundWindow ShellExecuteW 95774->95778 95775->95780 95777 782bd9 95776->95777 95793 746350 22 API calls 95777->95793 95785 782c26 95778->95785 95779 742b5f 95787 742b66 SetCurrentDirectoryW 95779->95787 95780->95779 95783 7430f2 Shell_NotifyIconW 95780->95783 95783->95779 95784 782be7 95786 7433c6 22 API calls 95784->95786 95785->95779 95786->95778 95788 742b7a 95787->95788 95794 742cd4 7 API calls 95789->95794 95791 742b2a 95792 742c63 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 95791->95792 95792->95770 95793->95784 95794->95791

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • GetVersionExW.KERNEL32(?), ref: 0074430D
                                                                              • Part of subcall function 00746B57: _wcslen.LIBCMT ref: 00746B6A
                                                                            • GetCurrentProcess.KERNEL32(?,007DCB64,00000000,?,?), ref: 00744422
                                                                            • IsWow64Process.KERNEL32(00000000,?,?), ref: 00744429
                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00744454
                                                                            • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00744466
                                                                            • GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00744474
                                                                            • FreeLibrary.KERNEL32(00000000,?,?), ref: 0074447B
                                                                            • GetSystemInfo.KERNEL32(?,?,?), ref: 007444A0
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                            • String ID: GetNativeSystemInfo$kernel32.dll$|O

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,007450AA,?,?,00000000,00000000), ref: 007442B2
                                                                            • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,007450AA,?,?,00000000,00000000), ref: 007442C9
                                                                            • LoadResource.KERNEL32(?,00000000,?,?,007450AA,?,?,00000000,00000000,?,?,?,?,?,?,00744F20), ref: 007835BE
                                                                            • SizeofResource.KERNEL32(?,00000000,?,?,007450AA,?,?,00000000,00000000,?,?,?,?,?,?,00744F20), ref: 007835D3
                                                                            • LockResource.KERNEL32(007450AA,?,?,007450AA,?,?,00000000,00000000,?,?,?,?,?,?,00744F20,?), ref: 007835E6
                                                                            Similarity
                                                                            • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                            • String ID: SCRIPT

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00742B6B
                                                                              • Part of subcall function 00743A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00811418,?,00742E7F,?,?,?,00000000), ref: 00743A78
                                                                              • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
                                                                            • GetForegroundWindow.USER32(runas,?,?,?,?,?,00802224), ref: 00782C10
                                                                            • ShellExecuteW.SHELL32(00000000,?,?,00802224), ref: 00782C17
                                                                            Similarity
                                                                            • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                            • String ID: runas

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 007AD501
                                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 007AD50F
                                                                            • Process32NextW.KERNEL32(00000000,?), ref: 007AD52F
                                                                            • FindCloseChangeNotification.KERNEL32(00000000), ref: 007AD5DC
                                                                            Similarity
                                                                            • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
                                                                            • String ID:

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • lstrlenW.KERNEL32(?,00785222), ref: 007ADBCE
                                                                            • GetFileAttributesW.KERNEL32(?), ref: 007ADBDD
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 007ADBEE
                                                                            • FindClose.KERNEL32(00000000), ref: 007ADBFA
                                                                            Similarity
                                                                            • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                            • String ID:
                                                                            APIs
                                                                            • GetCurrentProcess.KERNEL32(007728E9,?,00764CBE,007728E9,008088B8,0000000C,00764E15,007728E9,00000002,00000000,?,007728E9), ref: 00764D09
                                                                            • TerminateProcess.KERNEL32(00000000,?,00764CBE,007728E9,008088B8,0000000C,00764E15,007728E9,00000002,00000000,?,007728E9), ref: 00764D10
                                                                            • ExitProcess.KERNEL32 ref: 00764D22
                                                                            Similarity
                                                                            • API ID: Process$CurrentExitTerminate
                                                                            • String ID:
                                                                            APIs
                                                                            • GetInputState.USER32 ref: 0074D807
                                                                            • timeGetTime.WINMM ref: 0074DA07
                                                                            • Sleep.KERNEL32(0000000A), ref: 0074DBB1
                                                                            • Sleep.KERNEL32(0000000A), ref: 00792B76
                                                                            • GetExitCodeProcess.KERNEL32(?,?), ref: 00792C11
                                                                            • WaitForSingleObject.KERNEL32(?,00000000), ref: 00792C29
                                                                            • CloseHandle.KERNEL32(?), ref: 00792C3D
                                                                            • Sleep.KERNEL32(?,CCCCCCCC,00000000), ref: 00792CA9
                                                                            Similarity
                                                                            • API ID: Sleep$CloseCodeExitHandleInputObjectProcessSingleStateTimeWaittime
                                                                            • String ID:

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00742D07
                                                                            • RegisterClassExW.USER32(00000030), ref: 00742D31
                                                                            • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00742D42
                                                                            • InitCommonControlsEx.COMCTL32(?), ref: 00742D5F
                                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00742D6F
                                                                            • LoadIconW.USER32(000000A9), ref: 00742D85
                                                                            • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00742D94
                                                                            Similarity
                                                                            • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                            • String ID: +$0$AutoIt v3 GUI$TaskbarCreated

                                                                            Control-flow Graph

                                                                            APIs
                                                                              • Part of subcall function 0078039A: CreateFileW.KERNEL32(00000000,00000000,?,00780704,?,?,00000000,?,00780704,00000000,0000000C), ref: 007803B7
                                                                            • GetLastError.KERNEL32 ref: 0078076F
                                                                            • __dosmaperr.LIBCMT ref: 00780776
                                                                            • GetFileType.KERNEL32(00000000), ref: 00780782
                                                                            • GetLastError.KERNEL32 ref: 0078078C
                                                                            • __dosmaperr.LIBCMT ref: 00780795
                                                                            • CloseHandle.KERNEL32(00000000), ref: 007807B5
                                                                            • CloseHandle.KERNEL32(?), ref: 007808FF
                                                                            • GetLastError.KERNEL32 ref: 00780931
                                                                            • __dosmaperr.LIBCMT ref: 00780938
                                                                            Similarity
                                                                            • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                            • String ID: H
                                                                            • API String ID: 4237864984-2852464175

                                                                            Control-flow Graph

                                                                            APIs
                                                                              • Part of subcall function 00743A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00811418,?,00742E7F,?,?,?,00000000), ref: 00743A78
                                                                              • Part of subcall function 00743357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00743379
                                                                            • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0074356A
                                                                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0078318D
                                                                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 007831CE
                                                                            • RegCloseKey.ADVAPI32(?), ref: 00783210
                                                                            • _wcslen.LIBCMT ref: 00783277
                                                                            • _wcslen.LIBCMT ref: 00783286
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                            • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                            • API String ID: 98802146-2727554177

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00742B8E
                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 00742B9D
                                                                            • LoadIconW.USER32(00000063), ref: 00742BB3
                                                                            • LoadIconW.USER32(000000A4), ref: 00742BC5
                                                                            • LoadIconW.USER32(000000A2), ref: 00742BD7
                                                                            • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00742BEF
                                                                            • RegisterClassExW.USER32(?), ref: 00742C40
                                                                              • Part of subcall function 00742CD4: GetSysColorBrush.USER32(0000000F), ref: 00742D07
                                                                              • Part of subcall function 00742CD4: RegisterClassExW.USER32(00000030), ref: 00742D31
                                                                              • Part of subcall function 00742CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00742D42
                                                                              • Part of subcall function 00742CD4: InitCommonControlsEx.COMCTL32(?), ref: 00742D5F
                                                                              • Part of subcall function 00742CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00742D6F
                                                                              • Part of subcall function 00742CD4: LoadIconW.USER32(000000A9), ref: 00742D85
                                                                              • Part of subcall function 00742CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00742D94
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                            • String ID: #$0$AutoIt v3
                                                                            • API String ID: 423443420-4155596026

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0074316A,?,?), ref: 007431D8
                                                                            • KillTimer.USER32(?,00000001,?,?,?,?,?,0074316A,?,?), ref: 00743204
                                                                            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00743227
                                                                            • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0074316A,?,?), ref: 00743232
                                                                            • CreatePopupMenu.USER32 ref: 00743246
                                                                            • PostQuitMessage.USER32(00000000), ref: 00743267
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                            • String ID: TaskbarCreated
                                                                            • API String ID: 129472671-2362178303

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00741459
                                                                            • OleUninitialize.OLE32(?,00000000), ref: 007414F8
                                                                            • UnregisterHotKey.USER32(?), ref: 007416DD
                                                                            • DestroyWindow.USER32(?), ref: 007824B9
                                                                            • FreeLibrary.KERNEL32(?), ref: 0078251E
                                                                            • VirtualFree.KERNEL32(?,00000000,00008000), ref: 0078254B
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                            • String ID: close all
                                                                            • API String ID: 469580280-3243417748

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00742C91
                                                                            • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00742CB2
                                                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,00741CAD,?), ref: 00742CC6
                                                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,00741CAD,?), ref: 00742CCF
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Window$CreateShow
                                                                            • String ID: AutoIt v3$edit
                                                                            • API String ID: 1584632944-3779509399

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • ShellExecuteExW.SHELL32(0000003C), ref: 007CAEA3
                                                                              • Part of subcall function 00747620: _wcslen.LIBCMT ref: 00747625
                                                                            • GetProcessId.KERNEL32(00000000), ref: 007CAF38
                                                                            • CloseHandle.KERNEL32(00000000), ref: 007CAF67
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                            • String ID: <$@
                                                                            • API String ID: 146682121-1426351568

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00743B0F,SwapMouseButtons,00000004,?), ref: 00743B40
                                                                            • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00743B0F,SwapMouseButtons,00000004,?), ref: 00743B61
                                                                            • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00743B0F,SwapMouseButtons,00000004,?), ref: 00743B83
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Similarity
                                                                            • API ID: CloseOpenQueryValue
                                                                            • String ID: Control Panel\Mouse
                                                                            • API String ID: 3677997916-824357125
                                                                            APIs
                                                                            • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 007833A2
                                                                              • Part of subcall function 00746B57: _wcslen.LIBCMT ref: 00746B6A
                                                                            • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00743A04
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: IconLoadNotifyShell_String_wcslen
                                                                            • String ID: Line:
                                                                            • API String ID: 2289894680-1585850449
                                                                            APIs
                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00760668
                                                                              • Part of subcall function 007632A4: RaiseException.KERNEL32(?,?,?,0076068A,?,00811444,?,?,?,?,?,?,0076068A,00741129,00808738,00741129), ref: 00763304
                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00760685
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Exception@8Throw$ExceptionRaise
                                                                            • String ID: Unknown exception
                                                                            • API String ID: 3476068407-410509341
                                                                            APIs
                                                                              • Part of subcall function 00741BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00741BF4
                                                                              • Part of subcall function 00741BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00741BFC
                                                                              • Part of subcall function 00741BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00741C07
                                                                              • Part of subcall function 00741BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00741C12
                                                                              • Part of subcall function 00741BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00741C1A
                                                                              • Part of subcall function 00741BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00741C22
                                                                              • Part of subcall function 00741B4A: RegisterWindowMessageW.USER32(00000004,?,007412C4), ref: 00741BA2
                                                                            • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0074136A
                                                                            • OleInitialize.OLE32 ref: 00741388
                                                                            • CloseHandle.KERNEL32(00000000,00000000), ref: 007824AB
                                                                            Similarity
                                                                            • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                            • String ID:
                                                                            • API String ID: 1986988660-0
                                                                            APIs
                                                                            • FindCloseChangeNotification.KERNEL32(00000000,00000000,?,?,007785CC,?,00808CC8,0000000C), ref: 00778704
                                                                            • GetLastError.KERNEL32(?,007785CC,?,00808CC8,0000000C), ref: 0077870E
                                                                            • __dosmaperr.LIBCMT ref: 00778739
                                                                            Similarity
                                                                            • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                                                            • String ID:
                                                                            • API String ID: 490808831-0
                                                                            APIs
                                                                            • __Init_thread_footer.LIBCMT ref: 007517F6
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Init_thread_footer
                                                                            • String ID: CALL
                                                                            • API String ID: 1385522511-4196123274
                                                                            APIs
                                                                            • GetOpenFileNameW.COMDLG32(?), ref: 00782C8C
                                                                              • Part of subcall function 00743AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00743A97,?,?,00742E7F,?,?,?,00000000), ref: 00743AC2
                                                                              • Part of subcall function 00742DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00742DC4
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Name$Path$FileFullLongOpen
                                                                            • String ID: X
                                                                            • API String ID: 779396738-3081909835
                                                                            APIs
                                                                            • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00743908
                                                                            Similarity
                                                                            • API ID: IconNotifyShell_
                                                                            • String ID:
                                                                            • API String ID: 1144537725-0
                                                                            APIs
                                                                              • Part of subcall function 00744E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00744EDD,?,00811418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00744E9C
                                                                              • Part of subcall function 00744E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00744EAE
                                                                              • Part of subcall function 00744E90: FreeLibrary.KERNEL32(00000000,?,?,00744EDD,?,00811418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00744EC0
                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00811418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00744EFD
                                                                              • Part of subcall function 00744E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00783CDE,?,00811418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00744E62
                                                                              • Part of subcall function 00744E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00744E74
                                                                              • Part of subcall function 00744E59: FreeLibrary.KERNEL32(00000000,?,?,00783CDE,?,00811418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00744E87
                                                                            Similarity
                                                                            • API ID: Library$Load$AddressFreeProc
                                                                            • String ID:
                                                                            • API String ID: 2632591731-0
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: __wsopen_s
                                                                            • String ID:
                                                                            • API String ID: 3347428461-0
                                                                            APIs
                                                                              • Part of subcall function 00774C7D: RtlAllocateHeap.NTDLL(00000008,00741129,00000000,?,00772E29,00000001,00000364,?,?,?,0076F2DE,00773863,00811444,?,0075FDF5,?), ref: 00774CBE
                                                                            • _free.LIBCMT ref: 0077506C
                                                                            Similarity
                                                                            • API ID: AllocateHeap_free
                                                                            • String ID:
                                                                            • API String ID: 614378929-0
                                                                            APIs
                                                                            • RtlAllocateHeap.NTDLL(00000008,00741129,00000000,?,00772E29,00000001,00000364,?,?,?,0076F2DE,00773863,00811444,?,0075FDF5,?), ref: 00774CBE
                                                                            Similarity
                                                                            • API ID: AllocateHeap
                                                                            • String ID:
                                                                            • API String ID: 1279760036-0
                                                                            APIs
                                                                            • RtlAllocateHeap.NTDLL(00000000,?,00811444,?,0075FDF5,?,?,0074A976,00000010,00811440,007413FC,?,007413C6,?,00741129), ref: 00773852
                                                                            Similarity
                                                                            • API ID: AllocateHeap
                                                                            • String ID:
                                                                            • API String ID: 1279760036-0
                                                                            APIs
                                                                            • FreeLibrary.KERNEL32(?,?,00811418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00744F6D
                                                                            Similarity
                                                                            • API ID: FreeLibrary
                                                                            • String ID:
                                                                            • API String ID: 3664257935-0
                                                                            APIs
                                                                            • Shell_NotifyIconW.SHELL32(00000002,?), ref: 0074314E
                                                                            Similarity
                                                                            • API ID: IconNotifyShell_
                                                                            • String ID:
                                                                            • API String ID: 1144537725-0
                                                                            APIs
                                                                            • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00742DC4
                                                                              • Part of subcall function 00746B57: _wcslen.LIBCMT ref: 00746B6A
                                                                            Similarity
                                                                            • API ID: LongNamePath_wcslen
                                                                            • String ID:
                                                                            • API String ID: 541455249-0
                                                                            APIs
                                                                              • Part of subcall function 00743837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00743908
                                                                              • Part of subcall function 0074D730: GetInputState.USER32 ref: 0074D807
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00742B6B
                                                                              • Part of subcall function 007430F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0074314E
                                                                            Similarity
                                                                            • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                            • String ID:
                                                                            • API String ID: 3667716007-0
                                                                            APIs
                                                                            • CreateFileW.KERNEL32(00000000,00000000,?,00780704,?,?,00000000,?,00780704,00000000,0000000C), ref: 007803B7
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID:
                                                                            • API String ID: 823142352-0
                                                                            APIs
                                                                            • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00741CBC
                                                                            Similarity
                                                                            • API ID: InfoParametersSystem
                                                                            • String ID:
                                                                            • API String ID: 3098949447-0
                                                                            APIs
                                                                              • Part of subcall function 00759BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00759BB2
                                                                            • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 007D961A
                                                                            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 007D965B
                                                                            • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 007D969F
                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 007D96C9
                                                                            • SendMessageW.USER32 ref: 007D96F2
                                                                            • GetKeyState.USER32(00000011), ref: 007D978B
                                                                            • GetKeyState.USER32(00000009), ref: 007D9798
                                                                            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 007D97AE
                                                                            • GetKeyState.USER32(00000010), ref: 007D97B8
                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 007D97E9
                                                                            • SendMessageW.USER32 ref: 007D9810
                                                                            • SendMessageW.USER32(?,00001030,?,007D7E95), ref: 007D9918
                                                                            • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 007D992E
                                                                            • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 007D9941
                                                                            • SetCapture.USER32(?), ref: 007D994A
                                                                            • ClientToScreen.USER32(?,?), ref: 007D99AF
                                                                            • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 007D99BC
                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 007D99D6
                                                                            • ReleaseCapture.USER32 ref: 007D99E1
                                                                            • GetCursorPos.USER32(?), ref: 007D9A19
                                                                            • ScreenToClient.USER32(?,?), ref: 007D9A26
                                                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 007D9A80
                                                                            • SendMessageW.USER32 ref: 007D9AAE
                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 007D9AEB
                                                                            • SendMessageW.USER32 ref: 007D9B1A
                                                                            • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 007D9B3B
                                                                            • SendMessageW.USER32(?,0000110B,00000009,?), ref: 007D9B4A
                                                                            • GetCursorPos.USER32(?), ref: 007D9B68
                                                                            • ScreenToClient.USER32(?,?), ref: 007D9B75
                                                                            • GetParent.USER32(?), ref: 007D9B93
                                                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 007D9BFA
                                                                            • SendMessageW.USER32 ref: 007D9C2B
                                                                            • ClientToScreen.USER32(?,?), ref: 007D9C84
                                                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 007D9CB4
                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 007D9CDE
                                                                            • SendMessageW.USER32 ref: 007D9D01
                                                                            • ClientToScreen.USER32(?,?), ref: 007D9D4E
                                                                            • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 007D9D82
                                                                              • Part of subcall function 00759944: GetWindowLongW.USER32(?,000000EB), ref: 00759952
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 007D9E05
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                            • String ID: @GUI_DRAGID$F
                                                                            • API String ID: 3429851547-4164748364
                                                                            • Opcode ID: 35d2f706828bafbe60c4a2990d90d0c47a4eaae5197ebffdb0be72d6da7fac94
                                                                            • Instruction ID: 7b7766648e7011cf021461cba7b213679da4cde0482bbf665fa7d58f2ff903d6
                                                                            • Opcode Fuzzy Hash: 35d2f706828bafbe60c4a2990d90d0c47a4eaae5197ebffdb0be72d6da7fac94
                                                                            • Instruction Fuzzy Hash: 38428A34205201EFDB25CF24CC48AAABBF9FF49320F14465AF699973A1D739E864CB51
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 007D48F3
                                                                            • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 007D4908
                                                                            • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 007D4927
                                                                            • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 007D494B
                                                                            • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 007D495C
                                                                            • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 007D497B
                                                                            • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 007D49AE
                                                                            • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 007D49D4
                                                                            • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 007D4A0F
                                                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 007D4A56
                                                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 007D4A7E
                                                                            • IsMenu.USER32(?), ref: 007D4A97
                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 007D4AF2
                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 007D4B20
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 007D4B94
                                                                            • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 007D4BE3
                                                                            • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 007D4C82
                                                                            • wsprintfW.USER32 ref: 007D4CAE
                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 007D4CC9
                                                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 007D4CF1
                                                                            • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 007D4D13
                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 007D4D33
                                                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 007D4D5A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                            • String ID: %d/%02d/%02d
                                                                            • API String ID: 4054740463-328681919
                                                                            • Opcode ID: f2b9e6e92394304ef89e22657518ee47751b823de8487037750a4042dece5382
                                                                            • Instruction ID: 89df7b3977917550a4b555093aac3e6d725a15e01b90c15fcb310037cf22c84c
                                                                            • Opcode Fuzzy Hash: f2b9e6e92394304ef89e22657518ee47751b823de8487037750a4042dece5382
                                                                            • Instruction Fuzzy Hash: 7B12FF71600215ABEB258F28CC49FAE7BF8FF45310F14816AF956EB2E1DB789941CB50
                                                                            APIs
                                                                            • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0075F998
                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0079F474
                                                                            • IsIconic.USER32(00000000), ref: 0079F47D
                                                                            • ShowWindow.USER32(00000000,00000009), ref: 0079F48A
                                                                            • SetForegroundWindow.USER32(00000000), ref: 0079F494
                                                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0079F4AA
                                                                            • GetCurrentThreadId.KERNEL32 ref: 0079F4B1
                                                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0079F4BD
                                                                            • AttachThreadInput.USER32(?,00000000,00000001), ref: 0079F4CE
                                                                            • AttachThreadInput.USER32(?,00000000,00000001), ref: 0079F4D6
                                                                            • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0079F4DE
                                                                            • SetForegroundWindow.USER32(00000000), ref: 0079F4E1
                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0079F4F6
                                                                            • keybd_event.USER32(00000012,00000000), ref: 0079F501
                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0079F50B
                                                                            • keybd_event.USER32(00000012,00000000), ref: 0079F510
                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0079F519
                                                                            • keybd_event.USER32(00000012,00000000), ref: 0079F51E
                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0079F528
                                                                            • keybd_event.USER32(00000012,00000000), ref: 0079F52D
                                                                            • SetForegroundWindow.USER32(00000000), ref: 0079F530
                                                                            • AttachThreadInput.USER32(?,000000FF,00000000), ref: 0079F557
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                            • String ID: Shell_TrayWnd
                                                                            • API String ID: 4125248594-2988720461
                                                                            • Opcode ID: e1df48fd59321761c5b293bfda9f854187f9343df166d749f5b9ddc30948c19d
                                                                            • Instruction ID: 07fd11f38ddac9e39f2b18151bc0d5071a03cedfb9b0aa4e8f3ca2a8e03601bd
                                                                            • Opcode Fuzzy Hash: e1df48fd59321761c5b293bfda9f854187f9343df166d749f5b9ddc30948c19d
                                                                            • Instruction Fuzzy Hash: 8831B471A40219BBEF216BB55C4AFBF7F7CEB44B50F204066FA01E61D1C6B89D10EA64
                                                                            APIs
                                                                              • Part of subcall function 007A16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 007A170D
                                                                              • Part of subcall function 007A16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 007A173A
                                                                              • Part of subcall function 007A16C3: GetLastError.KERNEL32 ref: 007A174A
                                                                            • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 007A1286
                                                                            • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 007A12A8
                                                                            • CloseHandle.KERNEL32(?), ref: 007A12B9
                                                                            • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 007A12D1
                                                                            • GetProcessWindowStation.USER32 ref: 007A12EA
                                                                            • SetProcessWindowStation.USER32(00000000), ref: 007A12F4
                                                                            • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 007A1310
                                                                              • Part of subcall function 007A10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,007A11FC), ref: 007A10D4
                                                                              • Part of subcall function 007A10BF: CloseHandle.KERNEL32(?,?,007A11FC), ref: 007A10E9
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                            • String ID: $default$winsta0
                                                                            • API String ID: 22674027-1027155976
                                                                            • Opcode ID: 10c445be159168aabb0eb5c89f68b4d2d3e8c364464409b5ee42b3693c676922
                                                                            • Instruction ID: 10dbac2943a1a1b025d7af13e5c539bfb25303c3479f6d54e1247d78944740fb
                                                                            • Opcode Fuzzy Hash: 10c445be159168aabb0eb5c89f68b4d2d3e8c364464409b5ee42b3693c676922
                                                                            • Instruction Fuzzy Hash: CF81B071900249AFEF119FA8DC49FEE7BB9FF49700F14822AF911E61A0C7398944CB65
                                                                            APIs
                                                                              • Part of subcall function 007A10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 007A1114
                                                                              • Part of subcall function 007A10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,007A0B9B,?,?,?), ref: 007A1120
                                                                              • Part of subcall function 007A10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,007A0B9B,?,?,?), ref: 007A112F
                                                                              • Part of subcall function 007A10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,007A0B9B,?,?,?), ref: 007A1136
                                                                              • Part of subcall function 007A10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 007A114D
                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 007A0BCC
                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 007A0C00
                                                                            • GetLengthSid.ADVAPI32(?), ref: 007A0C17
                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 007A0C51
                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 007A0C6D
                                                                            • GetLengthSid.ADVAPI32(?), ref: 007A0C84
                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 007A0C8C
                                                                            • HeapAlloc.KERNEL32(00000000), ref: 007A0C93
                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 007A0CB4
                                                                            • CopySid.ADVAPI32(00000000), ref: 007A0CBB
                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 007A0CEA
                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 007A0D0C
                                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 007A0D1E
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 007A0D45
                                                                            • HeapFree.KERNEL32(00000000), ref: 007A0D4C
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 007A0D55
                                                                            • HeapFree.KERNEL32(00000000), ref: 007A0D5C
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 007A0D65
                                                                            • HeapFree.KERNEL32(00000000), ref: 007A0D6C
                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 007A0D78
                                                                            • HeapFree.KERNEL32(00000000), ref: 007A0D7F
                                                                              • Part of subcall function 007A1193: GetProcessHeap.KERNEL32(00000008,007A0BB1,?,00000000,?,007A0BB1,?), ref: 007A11A1
                                                                              • Part of subcall function 007A1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,007A0BB1,?), ref: 007A11A8
                                                                              • Part of subcall function 007A1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,007A0BB1,?), ref: 007A11B7
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                            • String ID:
                                                                            • API String ID: 4175595110-0
                                                                            • Opcode ID: 30e0628bca4c0b0c0abaac3ffcb71b9b62446ff1771aba3c8f55ca559d9d22d0
                                                                            • Instruction ID: ad3febceca84aa36a260299f142c48ed67b9660588a7c79c016c7581875fb37c
                                                                            • Opcode Fuzzy Hash: 30e0628bca4c0b0c0abaac3ffcb71b9b62446ff1771aba3c8f55ca559d9d22d0
                                                                            • Instruction Fuzzy Hash: 3471AC72A0021AEBDF11DFA4DC49FEEBBB8BF45310F048A15F914A7191D779A905CBA0
                                                                            APIs
                                                                            • OpenClipboard.USER32(007DCC08), ref: 007BEB29
                                                                            • IsClipboardFormatAvailable.USER32(0000000D), ref: 007BEB37
                                                                            • GetClipboardData.USER32(0000000D), ref: 007BEB43
                                                                            • CloseClipboard.USER32 ref: 007BEB4F
                                                                            • GlobalLock.KERNEL32(00000000), ref: 007BEB87
                                                                            • CloseClipboard.USER32 ref: 007BEB91
                                                                            • GlobalUnlock.KERNEL32(00000000,00000000), ref: 007BEBBC
                                                                            • IsClipboardFormatAvailable.USER32(00000001), ref: 007BEBC9
                                                                            • GetClipboardData.USER32(00000001), ref: 007BEBD1
                                                                            • GlobalLock.KERNEL32(00000000), ref: 007BEBE2
                                                                            • GlobalUnlock.KERNEL32(00000000,?), ref: 007BEC22
                                                                            • IsClipboardFormatAvailable.USER32(0000000F), ref: 007BEC38
                                                                            • GetClipboardData.USER32(0000000F), ref: 007BEC44
                                                                            • GlobalLock.KERNEL32(00000000), ref: 007BEC55
                                                                            • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 007BEC77
                                                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 007BEC94
                                                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 007BECD2
                                                                            • GlobalUnlock.KERNEL32(00000000,?,?), ref: 007BECF3
                                                                            • CountClipboardFormats.USER32 ref: 007BED14
                                                                            • CloseClipboard.USER32 ref: 007BED59
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                            • String ID:
                                                                            • API String ID: 420908878-0
                                                                            • Opcode ID: dddb36f2b57391a9563c2aa906ad9df43f9f6a4dbaf00e5ea9a46ea768c4eaac
                                                                            • Instruction ID: 7603296f6ad484c5c85b352dae460555c96b4d457d8c05333396c539711fcb64
                                                                            • Opcode Fuzzy Hash: dddb36f2b57391a9563c2aa906ad9df43f9f6a4dbaf00e5ea9a46ea768c4eaac
                                                                            • Instruction Fuzzy Hash: 5061C2752042029FD301EF24D888FAAB7B8BF84714F18855EF456973A2CB79ED05CB62
                                                                            APIs
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 007B69BE
                                                                            • FindClose.KERNEL32(00000000), ref: 007B6A12
                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 007B6A4E
                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 007B6A75
                                                                              • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 007B6AB2
                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 007B6ADF
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                            • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                            • API String ID: 3830820486-3289030164
                                                                            • Opcode ID: 881dc9949c78c19c5c224d6c43f944078b0abcbc0e4fbe04d49d8695b5e3028d
                                                                            • Instruction ID: 2fc844a59b73356c516a018c3d31164d900704e606b4232282a854c17feb0100
                                                                            • Opcode Fuzzy Hash: 881dc9949c78c19c5c224d6c43f944078b0abcbc0e4fbe04d49d8695b5e3028d
                                                                            • Instruction Fuzzy Hash: 1FD151B2508340EEC714EBA4C885EAFB7ECBF88704F44491DF585D6191EB79DA48CB62
                                                                            APIs
                                                                            • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 007B9663
                                                                            • GetFileAttributesW.KERNEL32(?), ref: 007B96A1
                                                                            • SetFileAttributesW.KERNEL32(?,?), ref: 007B96BB
                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 007B96D3
                                                                            • FindClose.KERNEL32(00000000), ref: 007B96DE
                                                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 007B96FA
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 007B974A
                                                                            • SetCurrentDirectoryW.KERNEL32(00806B7C), ref: 007B9768
                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 007B9772
                                                                            • FindClose.KERNEL32(00000000), ref: 007B977F
                                                                            • FindClose.KERNEL32(00000000), ref: 007B978F
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                            • String ID: *.*
                                                                            • API String ID: 1409584000-438819550
                                                                            • Opcode ID: bde8a3cdde9e6e647cd5b9d1843fe739b50888a96164ecbcb3990f2e08352e9f
                                                                            • Instruction ID: 78b39085da6e693403e721fed2847496defdf94ebf5386c32cdba5437178cce7
                                                                            • Opcode Fuzzy Hash: bde8a3cdde9e6e647cd5b9d1843fe739b50888a96164ecbcb3990f2e08352e9f
                                                                            • Instruction Fuzzy Hash: 1231B27254121A6EDF11AFB4DC48BDE77BCAF09320F108156EA25E2190EB3CD940CA64
                                                                            APIs
                                                                            • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 007B97BE
                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 007B9819
                                                                            • FindClose.KERNEL32(00000000), ref: 007B9824
                                                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 007B9840
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 007B9890
                                                                            • SetCurrentDirectoryW.KERNEL32(00806B7C), ref: 007B98AE
                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 007B98B8
                                                                            • FindClose.KERNEL32(00000000), ref: 007B98C5
                                                                            • FindClose.KERNEL32(00000000), ref: 007B98D5
                                                                              • Part of subcall function 007ADAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 007ADB00
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                            • String ID: *.*
                                                                            • API String ID: 2640511053-438819550
                                                                            • Opcode ID: a443a226e5a372aab87efe44854cc653685ae25d0187c8a7a2f256b98144ab6d
                                                                            • Instruction ID: 65f31e997eb15213e12e5f74331edc91b437baa118994226d75931e842e27b96
                                                                            • Opcode Fuzzy Hash: a443a226e5a372aab87efe44854cc653685ae25d0187c8a7a2f256b98144ab6d
                                                                            • Instruction Fuzzy Hash: 3731C37150161AAEDF11AFB4DC48BDE77BCAF06320F108156EA24E21E0DB39DD54CA64
                                                                            APIs
                                                                              • Part of subcall function 007CC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,007CB6AE,?,?), ref: 007CC9B5
                                                                              • Part of subcall function 007CC998: _wcslen.LIBCMT ref: 007CC9F1
                                                                              • Part of subcall function 007CC998: _wcslen.LIBCMT ref: 007CCA68
                                                                              • Part of subcall function 007CC998: _wcslen.LIBCMT ref: 007CCA9E
                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 007CBF3E
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 007CBFA9
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 007CBFCD
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 007CC02C
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 007CC0E7
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 007CC154
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 007CC1E9
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 007CC23A
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 007CC2E3
                                                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 007CC382
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 007CC38F
                                                                            Similarity
                                                                            • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                            • String ID:
                                                                            • API String ID: 3102970594-0
                                                                            • Opcode ID: de85e110b5a73a9e0b17dd04f675ca8f432c2a3c1bb327731f90a0d95532e61d
                                                                            • Instruction ID: f716bbac8e5fdbe4ff33795084091768dab4e7b0eacefef30c427c41763a4353
                                                                            • Opcode Fuzzy Hash: de85e110b5a73a9e0b17dd04f675ca8f432c2a3c1bb327731f90a0d95532e61d
                                                                            • Instruction Fuzzy Hash: 53023871604240EFD715DF28C895E2ABBE5AF89308F18849DF84ADB2A2D735EC45CB52
                                                                            APIs
                                                                            • GetLocalTime.KERNEL32(?), ref: 007B8257
                                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 007B8267
                                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 007B8273
                                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 007B8310
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 007B8324
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 007B8356
                                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 007B838C
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 007B8395
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CurrentDirectoryTime$File$Local$System
                                                                            • String ID: *.*
                                                                            • API String ID: 1464919966-438819550
                                                                            • Opcode ID: 3f1fe000ee6a3e320e87930f3ea93a7648b516ab4f8070df5636b51dd0238f8d
                                                                            • Instruction ID: e3aea9f663e1e3297cfe588b34c1d97a2f9f56bdb31b4b4fffd5a79236b1c48d
                                                                            • Opcode Fuzzy Hash: 3f1fe000ee6a3e320e87930f3ea93a7648b516ab4f8070df5636b51dd0238f8d
                                                                            • Instruction Fuzzy Hash: 8F6148725043459FCB50EF64C844AAEB3ECFF89314F04891EF99987251EB39E945CB92
                                                                            APIs
                                                                              • Part of subcall function 00743AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00743A97,?,?,00742E7F,?,?,?,00000000), ref: 00743AC2
                                                                              • Part of subcall function 007AE199: GetFileAttributesW.KERNEL32(?,007ACF95), ref: 007AE19A
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 007AD122
                                                                            • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 007AD1DD
                                                                            • MoveFileW.KERNEL32(?,?), ref: 007AD1F0
                                                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 007AD20D
                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 007AD237
                                                                              • Part of subcall function 007AD29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,007AD21C,?,?), ref: 007AD2B2
                                                                            • FindClose.KERNEL32(00000000,?,?,?), ref: 007AD253
                                                                            • FindClose.KERNEL32(00000000), ref: 007AD264
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                            • String ID: \*.*
                                                                            • API String ID: 1946585618-1173974218
                                                                            • Opcode ID: b285d9976ce0183ba04c0316aa43106180ec25d0885a4424c18e8b0ecf5d0a63
                                                                            • Instruction ID: 8422592a81206b25d403e322a40778abb78306a78bf119715bf0c347b9597196
                                                                            • Opcode Fuzzy Hash: b285d9976ce0183ba04c0316aa43106180ec25d0885a4424c18e8b0ecf5d0a63
                                                                            • Instruction Fuzzy Hash: 90615F3180114DEBCF15EBE0D996AEDB779BF56300F208265E40677192EB386F09CB61
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                            • String ID:
                                                                            • API String ID: 1737998785-0
                                                                            • Opcode ID: 90dca3a0765156debcca3fdd8a9f58b203c7c6be2a6ff1e59a1facd59953ed07
                                                                            • Instruction ID: 4b8800ca4a0ff87aa9cfa44ab98f0d28c19d4bde79f499a99a880fe832c11bd7
                                                                            • Opcode Fuzzy Hash: 90dca3a0765156debcca3fdd8a9f58b203c7c6be2a6ff1e59a1facd59953ed07
                                                                            • Instruction Fuzzy Hash: 7F419E35605612EFE721DF15D888B99BBE5FF44318F18C09AE8158B762C779EC41CB90
                                                                            APIs
                                                                              • Part of subcall function 007A16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 007A170D
                                                                              • Part of subcall function 007A16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 007A173A
                                                                              • Part of subcall function 007A16C3: GetLastError.KERNEL32 ref: 007A174A
                                                                            • ExitWindowsEx.USER32(?,00000000), ref: 007AE932
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                            • String ID: $ $@$SeShutdownPrivilege
                                                                            • API String ID: 2234035333-3163812486
                                                                            • Opcode ID: 03a20a7a36538af20ed951d8212a797a9c15bdd9ba36aac1e390e4ffd9121799
                                                                            • Instruction ID: d101a407932f6ec6231e73eca6b3962db4a9df2320ee08dddf7f2445ef434bed
                                                                            • Opcode Fuzzy Hash: 03a20a7a36538af20ed951d8212a797a9c15bdd9ba36aac1e390e4ffd9121799
                                                                            • Instruction Fuzzy Hash: AA012632610311ABEB5422B49C8ABBB726CAB86740F154622F803E21D1E5AC7C4081A6
                                                                            APIs
                                                                            • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 007C1276
                                                                            • WSAGetLastError.WSOCK32 ref: 007C1283
                                                                            • bind.WSOCK32(00000000,?,00000010), ref: 007C12BA
                                                                            • WSAGetLastError.WSOCK32 ref: 007C12C5
                                                                            • closesocket.WSOCK32(00000000), ref: 007C12F4
                                                                            • listen.WSOCK32(00000000,00000005), ref: 007C1303
                                                                            • WSAGetLastError.WSOCK32 ref: 007C130D
                                                                            • closesocket.WSOCK32(00000000), ref: 007C133C
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorLast$closesocket$bindlistensocket
                                                                            • String ID:
                                                                            • API String ID: 540024437-0
                                                                            • Opcode ID: 78fdd3c7829f39d7be2155f5cdf3cfc9726ecb62c34f2d3702790ca61d74b182
                                                                            • Instruction ID: 9c548a33999b67b554dee07271f3cb93eab6eb662a28f6da814d791213394201
                                                                            • Opcode Fuzzy Hash: 78fdd3c7829f39d7be2155f5cdf3cfc9726ecb62c34f2d3702790ca61d74b182
                                                                            • Instruction Fuzzy Hash: CD417C35A001419FD710DF24C488F2ABBE6BF46318F58819DE8568F293C779EC81CBA1
                                                                            APIs
                                                                              • Part of subcall function 00743AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00743A97,?,?,00742E7F,?,?,?,00000000), ref: 00743AC2
                                                                              • Part of subcall function 007AE199: GetFileAttributesW.KERNEL32(?,007ACF95), ref: 007AE19A
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 007AD420
                                                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 007AD470
                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 007AD481
                                                                            • FindClose.KERNEL32(00000000), ref: 007AD498
                                                                            • FindClose.KERNEL32(00000000), ref: 007AD4A1
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                            • String ID: \*.*
                                                                            • API String ID: 2649000838-1173974218
                                                                            • Opcode ID: 484ed33afec96670837794697d221126ff202270f2b4f771e31e9b95142811e9
                                                                            • Instruction ID: 9299a5974ba8dece058e6461b1b65fe616bba4de09dcce1891c8f53c56f6867b
                                                                            • Opcode Fuzzy Hash: 484ed33afec96670837794697d221126ff202270f2b4f771e31e9b95142811e9
                                                                            • Instruction Fuzzy Hash: 943182710093859FC315EF64C8598AFB7A8BE96304F444A1EF8D693191EB38AE09C763
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: __floor_pentium4
                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                            • API String ID: 4168288129-2761157908
                                                                            • Opcode ID: 6da608e357f122b9438bfc2e49348ad726fd78cc2f58cc33a91118d659d08929
                                                                            • Instruction ID: 0cf29337451bf9f21573dfb1c974befc1d73081e48b1a69f6eb76876a428ebc4
                                                                            • Opcode Fuzzy Hash: 6da608e357f122b9438bfc2e49348ad726fd78cc2f58cc33a91118d659d08929
                                                                            • Instruction Fuzzy Hash: B8C23C72E046288FDF25CE28DD447EAB7B5EB49344F1481EAD84DE7241E778AE818F40
                                                                            APIs
                                                                            • _wcslen.LIBCMT ref: 007B64DC
                                                                            • CoInitialize.OLE32(00000000), ref: 007B6639
                                                                            • CoCreateInstance.OLE32(007DFCF8,00000000,00000001,007DFB68,?), ref: 007B6650
                                                                            • CoUninitialize.OLE32 ref: 007B68D4
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                            • String ID: .lnk
                                                                            • API String ID: 886957087-24824748
                                                                            • Opcode ID: 2b9e1861482e99781c93e101dbe3215d0d12340be7938e5ca62ae0461df22bfa
                                                                            • Instruction ID: 264eb2060f418d61e8344a0fc5eaf4c17fefb9ef2eb40571867932e672e29971
                                                                            • Opcode Fuzzy Hash: 2b9e1861482e99781c93e101dbe3215d0d12340be7938e5ca62ae0461df22bfa
                                                                            • Instruction Fuzzy Hash: 60D149715082019FC314DF24C885EABB7E8FF94704F14495DF6958B2A1EB79E909CBA2
                                                                            APIs
                                                                            • GetForegroundWindow.USER32(?,?,00000000), ref: 007C22E8
                                                                              • Part of subcall function 007BE4EC: GetWindowRect.USER32(?,?), ref: 007BE504
                                                                            • GetDesktopWindow.USER32 ref: 007C2312
                                                                            • GetWindowRect.USER32(00000000), ref: 007C2319
                                                                            • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 007C2355
                                                                            • GetCursorPos.USER32(?), ref: 007C2381
                                                                            • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 007C23DF
                                                                            Similarity
                                                                            • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                            • String ID:
                                                                            • API String ID: 2387181109-0
                                                                            • Opcode ID: 5ba3492fa0cb27629d69c30a758d210164108682f51189d3bfa928559d9e2ffd
                                                                            • Instruction ID: 86920ef6e9d624f63d4f0848aaa1402141f8642be0edc984e2e00b76b443268b
                                                                            • Opcode Fuzzy Hash: 5ba3492fa0cb27629d69c30a758d210164108682f51189d3bfa928559d9e2ffd
                                                                            • Instruction Fuzzy Hash: 6031ED72105346ABC720DF14D808F9BBBA9FF84710F000A1EF98597182DB38EA09CB96
                                                                            APIs
                                                                              • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
                                                                            • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 007B9B78
                                                                            • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 007B9C8B
                                                                              • Part of subcall function 007B3874: GetInputState.USER32 ref: 007B38CB
                                                                              • Part of subcall function 007B3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 007B3966
                                                                            • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 007B9BA8
                                                                            • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 007B9C75
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                            • String ID: *.*
                                                                            • API String ID: 1972594611-438819550
                                                                            • Opcode ID: 195936dfa01ef6c7cf1a4f328359be1ed7f5c1f1d76ca04ee627643e5f9649fc
                                                                            • Instruction ID: 6df4c3a3fe93d7a6d589c12c77e463cd4b3a4e3f148d83936397477372df0a01
                                                                            • Opcode Fuzzy Hash: 195936dfa01ef6c7cf1a4f328359be1ed7f5c1f1d76ca04ee627643e5f9649fc
                                                                            • Instruction Fuzzy Hash: 88415FB194420ADFDF15DFB4C889BEEBBB8FF05310F244156EA15A2191EB389E44CB60
                                                                            Strings
                                                                            • VUUU, xrefs: 0074843C
                                                                            • VUUU, xrefs: 007483FA
                                                                            • _______________________________________________________________________________________________________________________________abccccccccdeefghijklmnopqrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstyzzzzzzzzzzzzzzzz{{{{, xrefs: 00785D04
                                                                            • VUUU, xrefs: 007483E8
                                                                            • VUUU, xrefs: 00785DF0
                                                                            • ERCP, xrefs: 0074813C
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: ERCP$VUUU$VUUU$VUUU$VUUU$_______________________________________________________________________________________________________________________________abccccccccdeefghijklmnopqrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstyzzzzzzzzzzzzzzzz{{{{
                                                                            • API String ID: 0-2009957334
                                                                            • Opcode ID: 9300ffd2b16456630111e195987af7a4ea873d05a00c203c4573943a98b66a53
                                                                            • Instruction ID: 840126ccd87ec97152151a5db12ee108148ab52f00991a42412a08c22fc2c3d5
                                                                            • Opcode Fuzzy Hash: 9300ffd2b16456630111e195987af7a4ea873d05a00c203c4573943a98b66a53
                                                                            • Instruction Fuzzy Hash: 08A29070E4021ECBDF64DF58C8447ADB7B1BF54314F2481AAD815AB285EB789D81CF92
                                                                            APIs
                                                                              • Part of subcall function 00759BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00759BB2
                                                                            • DefDlgProcW.USER32(?,?,?,?,?), ref: 00759A4E
                                                                            • GetSysColor.USER32(0000000F), ref: 00759B23
                                                                            • SetBkColor.GDI32(?,00000000), ref: 00759B36
                                                                            Similarity
                                                                            • API ID: Color$LongProcWindow
                                                                            • String ID:
                                                                            • API String ID: 3131106179-0
                                                                            • Opcode ID: 08cf48e9a915c23d54b48b0aa70855acb6569f92ec3256af8b045642e8793616
                                                                            • Instruction ID: 010fc906a730a9d7a6a5a043ef92f775645a90eb1ace0406cb34849765408bbe
                                                                            • Opcode Fuzzy Hash: 08cf48e9a915c23d54b48b0aa70855acb6569f92ec3256af8b045642e8793616
                                                                            • Instruction Fuzzy Hash: BDA12CB0218544FEEF2D9A3C9C4DDFB2A6DEB42302F14810AFB12D6691CA6D9D05C275
                                                                            APIs
                                                                              • Part of subcall function 007C304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 007C307A
                                                                              • Part of subcall function 007C304E: _wcslen.LIBCMT ref: 007C309B
                                                                            • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 007C185D
                                                                            • WSAGetLastError.WSOCK32 ref: 007C1884
                                                                            • bind.WSOCK32(00000000,?,00000010), ref: 007C18DB
                                                                            • WSAGetLastError.WSOCK32 ref: 007C18E6
                                                                            • closesocket.WSOCK32(00000000), ref: 007C1915
                                                                            Similarity
                                                                            • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                            • String ID:
                                                                            • API String ID: 1601658205-0
                                                                            • Opcode ID: 9ad091ab15fa8bab511c4edd7a9c3e51eda6b5f4eb5f9520664151e0dd778078
                                                                            • Instruction ID: b487d21dd67bd8db9118862d6d255fd5e473b1753fa1064d47bb3c656a39e9db
                                                                            • Opcode Fuzzy Hash: 9ad091ab15fa8bab511c4edd7a9c3e51eda6b5f4eb5f9520664151e0dd778078
                                                                            • Instruction Fuzzy Hash: D851B371A00210AFDB11AF24C88AF6AB7E5AB45718F58849CF9055F3D3C779AD41CBE1
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                            • String ID:
                                                                            • API String ID: 292994002-0
                                                                            APIs
                                                                            • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 007AAAAC
                                                                            • SetKeyboardState.USER32(00000080), ref: 007AAAC8
                                                                            • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 007AAB36
                                                                            • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 007AAB88
                                                                            Similarity
                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                            • String ID:
                                                                            • API String ID: 432972143-0
                                                                            APIs
                                                                            • _free.LIBCMT ref: 0077BB7F
                                                                              • Part of subcall function 007729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0077D7D1,00000000,00000000,00000000,00000000,?,0077D7F8,00000000,00000007,00000000,?,0077DBF5,00000000), ref: 007729DE
                                                                              • Part of subcall function 007729C8: GetLastError.KERNEL32(00000000,?,0077D7D1,00000000,00000000,00000000,00000000,?,0077D7F8,00000000,00000007,00000000,?,0077DBF5,00000000,00000000), ref: 007729F0
                                                                            • GetTimeZoneInformation.KERNEL32 ref: 0077BB91
                                                                            • WideCharToMultiByte.KERNEL32(00000000,?,0081121C,000000FF,?,0000003F,?,?), ref: 0077BC09
                                                                            • WideCharToMultiByte.KERNEL32(00000000,?,00811270,000000FF,?,0000003F,?,?,?,0081121C,000000FF,?,0000003F,?,?), ref: 0077BC36
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
                                                                            • String ID:
                                                                            • API String ID: 806657224-0
                                                                            APIs
                                                                            • InternetReadFile.WININET(?,?,00000400,?), ref: 007BCE89
                                                                            • GetLastError.KERNEL32(?,00000000), ref: 007BCEEA
                                                                            • SetEvent.KERNEL32(?,?,00000000), ref: 007BCEFE
                                                                            Similarity
                                                                            • API ID: ErrorEventFileInternetLastRead
                                                                            • String ID:
                                                                            • API String ID: 234945975-0
                                                                            APIs
                                                                            • lstrlenW.KERNEL32(?,?,?,00000000), ref: 007A82AA
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: lstrlen
                                                                            • String ID: ($|
                                                                            • API String ID: 1659193697-1631851259
                                                                            APIs
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 007B5CC1
                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 007B5D17
                                                                            • FindClose.KERNEL32(?), ref: 007B5D5F
                                                                            Similarity
                                                                            • API ID: Find$File$CloseFirstNext
                                                                            • String ID:
                                                                            • API String ID: 3541575487-0
                                                                            APIs
                                                                            • IsDebuggerPresent.KERNEL32 ref: 0077271A
                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00772724
                                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 00772731
                                                                            Similarity
                                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                            • String ID:
                                                                            • API String ID: 3906539128-0
                                                                            APIs
                                                                            • SetErrorMode.KERNEL32(00000001), ref: 007B51DA
                                                                            • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 007B5238
                                                                            • SetErrorMode.KERNEL32(00000000), ref: 007B52A1
                                                                            Similarity
                                                                            • API ID: ErrorMode$DiskFreeSpace
                                                                            • String ID:
                                                                            • API String ID: 1682464887-0
                                                                            APIs
                                                                              • Part of subcall function 0075FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00760668
                                                                              • Part of subcall function 0075FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00760685
                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 007A170D
                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 007A173A
                                                                            • GetLastError.KERNEL32 ref: 007A174A
                                                                            Similarity
                                                                            • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                            • String ID:
                                                                            • API String ID: 577356006-0
                                                                            APIs
                                                                            • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 007AD608
                                                                            • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 007AD645
                                                                            • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 007AD650
                                                                            Similarity
                                                                            • API ID: CloseControlCreateDeviceFileHandle
                                                                            • String ID:
                                                                            • API String ID: 33631002-0
                                                                            APIs
                                                                            • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 007A168C
                                                                            • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 007A16A1
                                                                            • FreeSid.ADVAPI32(?), ref: 007A16B1
                                                                            Similarity
                                                                            • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                            • String ID:
                                                                            • API String ID: 3429775523-0
                                                                            • Opcode ID: 60edcc2fca925a5befd2020e8575b9b1f8a656f19991a6ffe741f34adadb8d44
                                                                            • Instruction ID: 9c561b2cc3e11b25d07a5f850652a626016738f67fe74d5909e837fdcebd2b85
                                                                            • Opcode Fuzzy Hash: 60edcc2fca925a5befd2020e8575b9b1f8a656f19991a6ffe741f34adadb8d44
                                                                            • Instruction Fuzzy Hash: 49F0F471951309FBEF00DFE49C89AAEBBBCEB08604F508565E601E2181E778AA448A54
                                                                            APIs
                                                                            • GetUserNameW.ADVAPI32(?,?), ref: 0079D28C
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: NameUser
                                                                            • String ID: X64
                                                                            • API String ID: 2645101109-893830106
                                                                            • Opcode ID: 380385418fc74cc0669f815552abe2a984a08d9c4f038ce0ce2124fe1b367c27
                                                                            • Instruction ID: ce2773d6972abcb0229673cd8bde01c6e0048b80ab658e28ec362886dacdefa1
                                                                            • Opcode Fuzzy Hash: 380385418fc74cc0669f815552abe2a984a08d9c4f038ce0ce2124fe1b367c27
                                                                            • Instruction Fuzzy Hash: ECD0C9B480111DEACFA0CB90EC88DD9B37CBB04305F104152F506A2080D77899488F10
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                            • Instruction ID: 0d30c3192e983c46a508081a7c3141f0aa3b1480a6ff8a13304c16cbea582cb3
                                                                            • Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                            • Instruction Fuzzy Hash: 25023D72E002199FDF15CFA9C8806ADFBF5EF48314F25816AD85AE7380D735AA418B94
                                                                            APIs
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 007B6918
                                                                            • FindClose.KERNEL32(00000000), ref: 007B6961
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Find$CloseFileFirst
                                                                            • String ID:
                                                                            • API String ID: 2295610775-0
                                                                            • Opcode ID: 6a08923d23e1fd3f38d77f8b7f8cdb6ceb81357d476f89682efdd8e879ef4bd5
                                                                            • Instruction ID: d06a69cc9c8382b41b373b2ddd0735ece375567fda0755d63c02b7cd12053d24
                                                                            • Opcode Fuzzy Hash: 6a08923d23e1fd3f38d77f8b7f8cdb6ceb81357d476f89682efdd8e879ef4bd5
                                                                            • Instruction Fuzzy Hash: 9D1190716042119FD714DF29D488A16BBE5FF85328F14C69DE9698F2A2C738FC05CB91
                                                                            APIs
                                                                            • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,007C4891,?,?,00000035,?), ref: 007B37E4
                                                                            • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,007C4891,?,?,00000035,?), ref: 007B37F4
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorFormatLastMessage
                                                                            • String ID:
                                                                            • API String ID: 3479602957-0
                                                                            • Opcode ID: 4790e42b69a78e539a2b6288c88521ba6214d888e7ac489218912fe445855ba5
                                                                            • Instruction ID: e0e234ce7997a8798a51e9f44244516cf71df90e2d220d4e22275212c5f8a42f
                                                                            • Opcode Fuzzy Hash: 4790e42b69a78e539a2b6288c88521ba6214d888e7ac489218912fe445855ba5
                                                                            • Instruction Fuzzy Hash: C0F0E5B06052296AE72027769C8DFEB3BAEEFC4761F000265F609D2281DA749944C7B0
                                                                            APIs
                                                                            • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 007AB25D
                                                                            • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 007AB270
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: InputSendkeybd_event
                                                                            • String ID:
                                                                            • API String ID: 3536248340-0
                                                                            • Opcode ID: 81d3d730b83bf96d14b3a4a3da562d3e971c8ca9c3c5bc383c69e6d7fb5fb8ac
                                                                            • Instruction ID: f12de31ba0e838f42b7eab92c4370a9911ef54cbfdbdec07fe3e78895ba77cda
                                                                            • Opcode Fuzzy Hash: 81d3d730b83bf96d14b3a4a3da562d3e971c8ca9c3c5bc383c69e6d7fb5fb8ac
                                                                            • Instruction Fuzzy Hash: CBF01D7180424EABDB059FA0C805BAE7BB4FF09315F10814AF955A5192C37D8611DF94
                                                                            APIs
                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,007A11FC), ref: 007A10D4
                                                                            • CloseHandle.KERNEL32(?,?,007A11FC), ref: 007A10E9
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: AdjustCloseHandlePrivilegesToken
                                                                            • String ID:
                                                                            • API String ID: 81990902-0
                                                                            • Opcode ID: d9baec993c30f57dd9031fb06d86dcfddc3f5641008381141bcfd7e22ecd42a5
                                                                            • Instruction ID: eccc69ce6c8f2cb84d5b541ebc9c74f2abf5d92de93b83facefc033be5ee53f4
                                                                            • Opcode Fuzzy Hash: d9baec993c30f57dd9031fb06d86dcfddc3f5641008381141bcfd7e22ecd42a5
                                                                            • Instruction Fuzzy Hash: 3EE04F32004601EEF7262B11FC0AEB377B9EB04311F10C82EF8A5804B1DBA66C90DB54
                                                                            Strings
                                                                            • Variable is not of type 'Object'., xrefs: 00790C40
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Variable is not of type 'Object'.
                                                                            • API String ID: 0-1840281001
                                                                            • Opcode ID: 3e3b559164b710a6b00e6ab2d4da8d9a36a12610915a739955be4e84da553d9b
                                                                            • Instruction ID: 5bc3ff66b5723cc9c18d17289a2557af36b5637cdb7dda09dd2d7686dc09efac
                                                                            • Opcode Fuzzy Hash: 3e3b559164b710a6b00e6ab2d4da8d9a36a12610915a739955be4e84da553d9b
                                                                            • Instruction Fuzzy Hash: F832BD70A11218DFCF55DF90D885AEDB7B5FF05304F148069E806AB292DB7DAE49CBA0
                                                                            APIs
                                                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00776766,?,?,00000008,?,?,0077FEFE,00000000), ref: 00776998
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ExceptionRaise
                                                                            • String ID:
                                                                            • API String ID: 3997070919-0
                                                                            • Opcode ID: 0183d562bc613a8d3c5685eb62d60af4770fc300d121e3e0cef14ed7c7dd778f
                                                                            • Instruction ID: 3fd65c5f3cce08982a1b041eea7bb19433a5fea941ce9e7c734ba77048571648
                                                                            • Opcode Fuzzy Hash: 0183d562bc613a8d3c5685eb62d60af4770fc300d121e3e0cef14ed7c7dd778f
                                                                            • Instruction Fuzzy Hash: 38B15C31610A099FDB19CF28C486B657BE0FF453A4F25C658E99DCF2A6C339E985CB40
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID: 0-3916222277
                                                                            • Opcode ID: 3f5463d5466890a25a44dd8e28e5de2ff3b4f7f0389dbb892e07f7a084628eb6
                                                                            • Instruction ID: 852cd9ee802f30fbdfa4a55962c9face8fff33c7f363f8ab35357776dff8a7ec
                                                                            • Opcode Fuzzy Hash: 3f5463d5466890a25a44dd8e28e5de2ff3b4f7f0389dbb892e07f7a084628eb6
                                                                            • Instruction Fuzzy Hash: 7F125F71900229DBCF64CF58D880AFEB7B5FF48710F14819AE849EB251DB789E85CB91
                                                                            APIs
                                                                            • BlockInput.USER32(00000001), ref: 007BEABD
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: BlockInput
                                                                            • String ID:
                                                                            • API String ID: 3456056419-0
                                                                            • Opcode ID: 947f532c44fa7cf3dfb1111ad1755ed9ad9967c754f0fa6b00443099b8e1e75e
                                                                            • Instruction ID: 760f7e88f805954387ae7449a596048ccbdee2f045ea493688d36aa50af4c6b3
                                                                            • Opcode Fuzzy Hash: 947f532c44fa7cf3dfb1111ad1755ed9ad9967c754f0fa6b00443099b8e1e75e
                                                                            • Instruction Fuzzy Hash: 63E01A322002049FC710EF69D808E9AF7EDAF98760F00C416FC49C7391DB79E8408B90
                                                                            APIs
                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,007603EE), ref: 007609DA
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ExceptionFilterUnhandled
                                                                            • String ID:
                                                                            • API String ID: 3192549508-0
                                                                            • Opcode ID: 742cc0a7a0a16cda0cd867e494ae48e036f40895886bd7a3396c19dc0b3d34ef
                                                                            • Instruction ID: 82ce8aca1d479708c58c08cff3c159a6e552de30eda733d933ea4cfb2ec288fd
                                                                            • Opcode Fuzzy Hash: 742cc0a7a0a16cda0cd867e494ae48e036f40895886bd7a3396c19dc0b3d34ef
                                                                            • Instruction Fuzzy Hash:
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6cffc9558261a26838309e91bfac7b989434c0022be598fb3e718b50094b6282
                                                                            • Instruction ID: 51c973afcb245ddd922087fac56337aedd1d508eba79f2cd5c7d1a5e7835c47e
                                                                            • Opcode Fuzzy Hash: 6cffc9558261a26838309e91bfac7b989434c0022be598fb3e718b50094b6282
                                                                            • Instruction Fuzzy Hash: DA21D8322216118BD728CE79C8126BA73E9BB64310F14862EE4A7C33D1DE39A945CB40
                                                                            APIs
                                                                            • DeleteObject.GDI32(00000000), ref: 007C2B30
                                                                            • DeleteObject.GDI32(00000000), ref: 007C2B43
                                                                            • DestroyWindow.USER32 ref: 007C2B52
                                                                            • GetDesktopWindow.USER32 ref: 007C2B6D
                                                                            • GetWindowRect.USER32(00000000), ref: 007C2B74
                                                                            • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 007C2CA3
                                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 007C2CB1
                                                                            • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007C2CF8
                                                                            • GetClientRect.USER32(00000000,?), ref: 007C2D04
                                                                            • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 007C2D40
                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007C2D62
                                                                            • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007C2D75
                                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007C2D80
                                                                            • GlobalLock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007C2D89
                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007C2D98
                                                                            • GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007C2DA1
                                                                            • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007C2DA8
                                                                            • GlobalFree.KERNEL32(00000000), ref: 007C2DB3
                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007C2DC5
                                                                            • OleLoadPicture.OLEAUT32(?,00000000,00000000,007DFC38,00000000), ref: 007C2DDB
                                                                            • GlobalFree.KERNEL32(00000000), ref: 007C2DEB
                                                                            • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 007C2E11
                                                                            • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 007C2E30
                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007C2E52
                                                                            • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007C303F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                            • String ID: $AutoIt v3$DISPLAY$static
                                                                            • API String ID: 2211948467-2373415609
                                                                            APIs
                                                                            • SetTextColor.GDI32(?,00000000), ref: 007D712F
                                                                            • GetSysColorBrush.USER32(0000000F), ref: 007D7160
                                                                            • GetSysColor.USER32(0000000F), ref: 007D716C
                                                                            • SetBkColor.GDI32(?,000000FF), ref: 007D7186
                                                                            • SelectObject.GDI32(?,?), ref: 007D7195
                                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 007D71C0
                                                                            • GetSysColor.USER32(00000010), ref: 007D71C8
                                                                            • CreateSolidBrush.GDI32(00000000), ref: 007D71CF
                                                                            • FrameRect.USER32(?,?,00000000), ref: 007D71DE
                                                                            • DeleteObject.GDI32(00000000), ref: 007D71E5
                                                                            • InflateRect.USER32(?,000000FE,000000FE), ref: 007D7230
                                                                            • FillRect.USER32(?,?,?), ref: 007D7262
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 007D7284
                                                                              • Part of subcall function 007D73E8: GetSysColor.USER32(00000012), ref: 007D7421
                                                                              • Part of subcall function 007D73E8: SetTextColor.GDI32(?,?), ref: 007D7425
                                                                              • Part of subcall function 007D73E8: GetSysColorBrush.USER32(0000000F), ref: 007D743B
                                                                              • Part of subcall function 007D73E8: GetSysColor.USER32(0000000F), ref: 007D7446
                                                                              • Part of subcall function 007D73E8: GetSysColor.USER32(00000011), ref: 007D7463
                                                                              • Part of subcall function 007D73E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 007D7471
                                                                              • Part of subcall function 007D73E8: SelectObject.GDI32(?,00000000), ref: 007D7482
                                                                              • Part of subcall function 007D73E8: SetBkColor.GDI32(?,00000000), ref: 007D748B
                                                                              • Part of subcall function 007D73E8: SelectObject.GDI32(?,?), ref: 007D7498
                                                                              • Part of subcall function 007D73E8: InflateRect.USER32(?,000000FF,000000FF), ref: 007D74B7
                                                                              • Part of subcall function 007D73E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 007D74CE
                                                                              • Part of subcall function 007D73E8: GetWindowLongW.USER32(00000000,000000F0), ref: 007D74DB
                                                                            Similarity
                                                                            • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                            • String ID:
                                                                            • API String ID: 4124339563-0
                                                                            APIs
                                                                            • DestroyWindow.USER32(?,?), ref: 00758E14
                                                                            • SendMessageW.USER32(?,00001308,?,00000000), ref: 00796AC5
                                                                            • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00796AFE
                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00796F43
                                                                              • Part of subcall function 00758F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00758BE8,?,00000000,?,?,?,?,00758BBA,00000000,?), ref: 00758FC5
                                                                            • SendMessageW.USER32(?,00001053), ref: 00796F7F
                                                                            • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00796F96
                                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00796FAC
                                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00796FB7
                                                                            Similarity
                                                                            • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                            • String ID: 0
                                                                            • API String ID: 2760611726-4108050209
                                                                            APIs
                                                                            • DestroyWindow.USER32(00000000), ref: 007C273E
                                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 007C286A
                                                                            • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 007C28A9
                                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 007C28B9
                                                                            • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 007C2900
                                                                            • GetClientRect.USER32(00000000,?), ref: 007C290C
                                                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 007C2955
                                                                            • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 007C2964
                                                                            • GetStockObject.GDI32(00000011), ref: 007C2974
                                                                            • SelectObject.GDI32(00000000,00000000), ref: 007C2978
                                                                            • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 007C2988
                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 007C2991
                                                                            • DeleteDC.GDI32(00000000), ref: 007C299A
                                                                            • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 007C29C6
                                                                            • SendMessageW.USER32(00000030,00000000,00000001), ref: 007C29DD
                                                                            • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 007C2A1D
                                                                            • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 007C2A31
                                                                            • SendMessageW.USER32(00000404,00000001,00000000), ref: 007C2A42
                                                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 007C2A77
                                                                            • GetStockObject.GDI32(00000011), ref: 007C2A82
                                                                            • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 007C2A8D
                                                                            • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 007C2A97
                                                                            Similarity
                                                                            • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                            • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                            • API String ID: 2910397461-517079104
                                                                            APIs
                                                                            • SetErrorMode.KERNEL32(00000001), ref: 007B4AED
                                                                            • GetDriveTypeW.KERNEL32(?,007DCB68,?,\\.\,007DCC08), ref: 007B4BCA
                                                                            • SetErrorMode.KERNEL32(00000000,007DCB68,?,\\.\,007DCC08), ref: 007B4D36
                                                                            Similarity
                                                                            • API ID: ErrorMode$DriveType
                                                                            • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                            • API String ID: 2907320926-4222207086
                                                                            APIs
                                                                            • GetSysColor.USER32(00000012), ref: 007D7421
                                                                            • SetTextColor.GDI32(?,?), ref: 007D7425
                                                                            • GetSysColorBrush.USER32(0000000F), ref: 007D743B
                                                                            • GetSysColor.USER32(0000000F), ref: 007D7446
                                                                            • CreateSolidBrush.GDI32(?), ref: 007D744B
                                                                            • GetSysColor.USER32(00000011), ref: 007D7463
                                                                            • CreatePen.GDI32(00000000,00000001,00743C00), ref: 007D7471
                                                                            • SelectObject.GDI32(?,00000000), ref: 007D7482
                                                                            • SetBkColor.GDI32(?,00000000), ref: 007D748B
                                                                            • SelectObject.GDI32(?,?), ref: 007D7498
                                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 007D74B7
                                                                            • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 007D74CE
                                                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 007D74DB
                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 007D752A
                                                                            • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 007D7554
                                                                            • InflateRect.USER32(?,000000FD,000000FD), ref: 007D7572
                                                                            • DrawFocusRect.USER32(?,?), ref: 007D757D
                                                                            • GetSysColor.USER32(00000011), ref: 007D758E
                                                                            • SetTextColor.GDI32(?,00000000), ref: 007D7596
                                                                            • DrawTextW.USER32(?,007D70F5,000000FF,?,00000000), ref: 007D75A8
                                                                            • SelectObject.GDI32(?,?), ref: 007D75BF
                                                                            • DeleteObject.GDI32(?), ref: 007D75CA
                                                                            • SelectObject.GDI32(?,?), ref: 007D75D0
                                                                            • DeleteObject.GDI32(?), ref: 007D75D5
                                                                            • SetTextColor.GDI32(?,?), ref: 007D75DB
                                                                            • SetBkColor.GDI32(?,?), ref: 007D75E5
                                                                            Similarity
                                                                            • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                            • String ID:
                                                                            • API String ID: 1996641542-0
                                                                            APIs
                                                                            • GetCursorPos.USER32(?), ref: 007D1128
                                                                            • GetDesktopWindow.USER32 ref: 007D113D
                                                                            • GetWindowRect.USER32(00000000), ref: 007D1144
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 007D1199
                                                                            • DestroyWindow.USER32(?), ref: 007D11B9
                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 007D11ED
                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 007D120B
                                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 007D121D
                                                                            • SendMessageW.USER32(00000000,00000421,?,?), ref: 007D1232
                                                                            • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 007D1245
                                                                            • IsWindowVisible.USER32(00000000), ref: 007D12A1
                                                                            • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 007D12BC
                                                                            • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 007D12D0
                                                                            • GetWindowRect.USER32(00000000,?), ref: 007D12E8
                                                                            • MonitorFromPoint.USER32(?,?,00000002), ref: 007D130E
                                                                            • GetMonitorInfoW.USER32(00000000,?), ref: 007D1328
                                                                            • CopyRect.USER32(?,?), ref: 007D133F
                                                                            • SendMessageW.USER32(00000000,00000412,00000000), ref: 007D13AA
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                            • String ID: ($0$tooltips_class32
                                                                            • API String ID: 698492251-4156429822
                                                                            APIs
                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00758968
                                                                            • GetSystemMetrics.USER32(00000007), ref: 00758970
                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0075899B
                                                                            • GetSystemMetrics.USER32(00000008), ref: 007589A3
                                                                            • GetSystemMetrics.USER32(00000004), ref: 007589C8
                                                                            • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 007589E5
                                                                            • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 007589F5
                                                                            • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00758A28
                                                                            • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00758A3C
                                                                            • GetClientRect.USER32(00000000,000000FF), ref: 00758A5A
                                                                            • GetStockObject.GDI32(00000011), ref: 00758A76
                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 00758A81
                                                                              • Part of subcall function 0075912D: GetCursorPos.USER32(?), ref: 00759141
                                                                              • Part of subcall function 0075912D: ScreenToClient.USER32(00000000,?), ref: 0075915E
                                                                              • Part of subcall function 0075912D: GetAsyncKeyState.USER32(00000001), ref: 00759183
                                                                              • Part of subcall function 0075912D: GetAsyncKeyState.USER32(00000002), ref: 0075919D
                                                                            • SetTimer.USER32(00000000,00000000,00000028,007590FC), ref: 00758AA8
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                            • String ID: AutoIt v3 GUI
                                                                            • API String ID: 1458621304-248962490
                                                                            APIs
                                                                              • Part of subcall function 007A10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 007A1114
                                                                              • Part of subcall function 007A10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,007A0B9B,?,?,?), ref: 007A1120
                                                                              • Part of subcall function 007A10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,007A0B9B,?,?,?), ref: 007A112F
                                                                              • Part of subcall function 007A10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,007A0B9B,?,?,?), ref: 007A1136
                                                                              • Part of subcall function 007A10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 007A114D
                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 007A0DF5
                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 007A0E29
                                                                            • GetLengthSid.ADVAPI32(?), ref: 007A0E40
                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 007A0E7A
                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 007A0E96
                                                                            • GetLengthSid.ADVAPI32(?), ref: 007A0EAD
                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 007A0EB5
                                                                            • HeapAlloc.KERNEL32(00000000), ref: 007A0EBC
                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 007A0EDD
                                                                            • CopySid.ADVAPI32(00000000), ref: 007A0EE4
                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 007A0F13
                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 007A0F35
                                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 007A0F47
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 007A0F6E
                                                                            • HeapFree.KERNEL32(00000000), ref: 007A0F75
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 007A0F7E
                                                                            • HeapFree.KERNEL32(00000000), ref: 007A0F85
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 007A0F8E
                                                                            • HeapFree.KERNEL32(00000000), ref: 007A0F95
                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 007A0FA1
                                                                            • HeapFree.KERNEL32(00000000), ref: 007A0FA8
                                                                              • Part of subcall function 007A1193: GetProcessHeap.KERNEL32(00000008,007A0BB1,?,00000000,?,007A0BB1,?), ref: 007A11A1
                                                                              • Part of subcall function 007A1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,007A0BB1,?), ref: 007A11A8
                                                                              • Part of subcall function 007A1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,007A0BB1,?), ref: 007A11B7
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                            • String ID:
                                                                            • API String ID: 4175595110-0
                                                                            APIs
                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 007CC4BD
                                                                            • RegCreateKeyExW.ADVAPI32(?,?,00000000,007DCC08,00000000,?,00000000,?,?), ref: 007CC544
                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 007CC5A4
                                                                            • _wcslen.LIBCMT ref: 007CC5F4
                                                                            • _wcslen.LIBCMT ref: 007CC66F
                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 007CC6B2
                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 007CC7C1
                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 007CC84D
                                                                            • RegCloseKey.ADVAPI32(?), ref: 007CC881
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 007CC88E
                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 007CC960
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                            • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                            • API String ID: 9721498-966354055
                                                                            APIs
                                                                            • CharUpperBuffW.USER32(?,?), ref: 007D09C6
                                                                            • _wcslen.LIBCMT ref: 007D0A01
                                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 007D0A54
                                                                            • _wcslen.LIBCMT ref: 007D0A8A
                                                                            • _wcslen.LIBCMT ref: 007D0B06
                                                                            • _wcslen.LIBCMT ref: 007D0B81
                                                                              • Part of subcall function 0075F9F2: _wcslen.LIBCMT ref: 0075F9FD
                                                                              • Part of subcall function 007A2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 007A2BFA
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                            • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                            • API String ID: 1103490817-4258414348
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _wcslen$BuffCharUpper
                                                                            • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                            • API String ID: 1256254125-909552448
                                                                            APIs
                                                                            • _wcslen.LIBCMT ref: 007D835A
                                                                            • _wcslen.LIBCMT ref: 007D836E
                                                                            • _wcslen.LIBCMT ref: 007D8391
                                                                            • _wcslen.LIBCMT ref: 007D83B4
                                                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 007D83F2
                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,007D361A,?), ref: 007D844E
                                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 007D8487
                                                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 007D84CA
                                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 007D8501
                                                                            • FreeLibrary.KERNEL32(?), ref: 007D850D
                                                                            • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 007D851D
                                                                            • DestroyIcon.USER32(?), ref: 007D852C
                                                                            • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 007D8549
                                                                            • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 007D8555
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                            • String ID: .dll$.exe$.icl
                                                                            • API String ID: 799131459-1154884017
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                            • API String ID: 0-1645009161
                                                                            APIs
                                                                            • CharLowerBuffW.USER32(?,?), ref: 007B3EF8
                                                                            • _wcslen.LIBCMT ref: 007B3F03
                                                                            • _wcslen.LIBCMT ref: 007B3F5A
                                                                            • _wcslen.LIBCMT ref: 007B3F98
                                                                            • GetDriveTypeW.KERNEL32(?), ref: 007B3FD6
                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 007B401E
                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 007B4059
                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 007B4087
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                            • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                            • API String ID: 1839972693-4113822522
                                                                            APIs
                                                                            • LoadIconW.USER32(00000063), ref: 007A5A2E
                                                                            • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 007A5A40
                                                                            • SetWindowTextW.USER32(?,?), ref: 007A5A57
                                                                            • GetDlgItem.USER32(?,000003EA), ref: 007A5A6C
                                                                            • SetWindowTextW.USER32(00000000,?), ref: 007A5A72
                                                                            • GetDlgItem.USER32(?,000003E9), ref: 007A5A82
                                                                            • SetWindowTextW.USER32(00000000,?), ref: 007A5A88
                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 007A5AA9
                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 007A5AC3
                                                                            • GetWindowRect.USER32(?,?), ref: 007A5ACC
                                                                            • _wcslen.LIBCMT ref: 007A5B33
                                                                            • SetWindowTextW.USER32(?,?), ref: 007A5B6F
                                                                            • GetDesktopWindow.USER32 ref: 007A5B75
                                                                            • GetWindowRect.USER32(00000000), ref: 007A5B7C
                                                                            • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 007A5BD3
                                                                            • GetClientRect.USER32(?,?), ref: 007A5BE0
                                                                            • PostMessageW.USER32(?,00000005,00000000,?), ref: 007A5C05
                                                                            • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 007A5C2F
                                                                            Similarity
                                                                            • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                            • String ID:
                                                                            • API String ID: 895679908-0
                                                                            APIs
                                                                            • LoadCursorW.USER32(00000000,00007F89), ref: 007BFE27
                                                                            • LoadCursorW.USER32(00000000,00007F8A), ref: 007BFE32
                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 007BFE3D
                                                                            • LoadCursorW.USER32(00000000,00007F03), ref: 007BFE48
                                                                            • LoadCursorW.USER32(00000000,00007F8B), ref: 007BFE53
                                                                            • LoadCursorW.USER32(00000000,00007F01), ref: 007BFE5E
                                                                            • LoadCursorW.USER32(00000000,00007F81), ref: 007BFE69
                                                                            • LoadCursorW.USER32(00000000,00007F88), ref: 007BFE74
                                                                            • LoadCursorW.USER32(00000000,00007F80), ref: 007BFE7F
                                                                            • LoadCursorW.USER32(00000000,00007F86), ref: 007BFE8A
                                                                            • LoadCursorW.USER32(00000000,00007F83), ref: 007BFE95
                                                                            • LoadCursorW.USER32(00000000,00007F85), ref: 007BFEA0
                                                                            • LoadCursorW.USER32(00000000,00007F82), ref: 007BFEAB
                                                                            • LoadCursorW.USER32(00000000,00007F84), ref: 007BFEB6
                                                                            • LoadCursorW.USER32(00000000,00007F04), ref: 007BFEC1
                                                                            • LoadCursorW.USER32(00000000,00007F02), ref: 007BFECC
                                                                            • GetCursorInfo.USER32(?), ref: 007BFEDC
                                                                            • GetLastError.KERNEL32 ref: 007BFF1E
                                                                            Similarity
                                                                            • API ID: Cursor$Load$ErrorInfoLast
                                                                            • String ID:
                                                                            • API String ID: 3215588206-0
                                                                            APIs
                                                                            • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 007600C6
                                                                              • Part of subcall function 007600ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0081070C,00000FA0,85B79849,?,?,?,?,007823B3,000000FF), ref: 0076011C
                                                                              • Part of subcall function 007600ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,007823B3,000000FF), ref: 00760127
                                                                              • Part of subcall function 007600ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,007823B3,000000FF), ref: 00760138
                                                                              • Part of subcall function 007600ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0076014E
                                                                              • Part of subcall function 007600ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0076015C
                                                                              • Part of subcall function 007600ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0076016A
                                                                              • Part of subcall function 007600ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00760195
                                                                              • Part of subcall function 007600ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 007601A0
                                                                            • ___scrt_fastfail.LIBCMT ref: 007600E7
                                                                              • Part of subcall function 007600A3: __onexit.LIBCMT ref: 007600A9
                                                                            Strings
                                                                            • InitializeConditionVariable, xrefs: 00760148
                                                                            • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00760122
                                                                            • WakeAllConditionVariable, xrefs: 00760162
                                                                            • SleepConditionVariableCS, xrefs: 00760154
                                                                            • kernel32.dll, xrefs: 00760133
                                                                            Similarity
                                                                            • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                            • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                            • API String ID: 66158676-1714406822
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _wcslen
                                                                            • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                            • API String ID: 176396367-1603158881
                                                                            APIs
                                                                            • CharLowerBuffW.USER32(00000000,00000000,007DCC08), ref: 007B4527
                                                                            • _wcslen.LIBCMT ref: 007B453B
                                                                            • _wcslen.LIBCMT ref: 007B4599
                                                                            • _wcslen.LIBCMT ref: 007B45F4
                                                                            • _wcslen.LIBCMT ref: 007B463F
                                                                            • _wcslen.LIBCMT ref: 007B46A7
                                                                              • Part of subcall function 0075F9F2: _wcslen.LIBCMT ref: 0075F9FD
                                                                            • GetDriveTypeW.KERNEL32(?,00806BF0,00000061), ref: 007B4743
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _wcslen$BuffCharDriveLowerType
                                                                            • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                            • API String ID: 2055661098-1000479233
                                                                            APIs
                                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 007BC4B0
                                                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 007BC4C3
                                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 007BC4D7
                                                                            • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 007BC4F0
                                                                            • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 007BC533
                                                                            • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 007BC549
                                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 007BC554
                                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 007BC584
                                                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 007BC5DC
                                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 007BC5F0
                                                                            • InternetCloseHandle.WININET(00000000), ref: 007BC5FB
                                                                            Strings
                                                                            • _______________________________________________________________________________________________________________________________abccccccccdeefghijklmnopqrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstyzzzzzzzzzzzzzzzz{{{{, xrefs: 007BC490
                                                                            • , xrefs: 007BC575
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                            • String ID: $_______________________________________________________________________________________________________________________________abccccccccdeefghijklmnopqrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstyzzzzzzzzzzzzzzzz{{{{
                                                                            • API String ID: 3800310941-3401428005
                                                                            • Opcode ID: 88bcb4dfe584f11fa5b7f512ec245c5515f3e952626e910bcafe2f931d242bb4
                                                                            • Instruction ID: 81a7616cfb7b1e59becc96e1a9a34aed678664d53beb71bb12981b22f670687e
                                                                            • Opcode Fuzzy Hash: 88bcb4dfe584f11fa5b7f512ec245c5515f3e952626e910bcafe2f931d242bb4
                                                                            • Instruction Fuzzy Hash: 9D514DB1501209BFDB229F60C988BEB7BBCFF08754F14841AF945D6210DB38EA54DB60
                                                                            APIs
                                                                            • _wcslen.LIBCMT ref: 007CB198
                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 007CB1B0
                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 007CB1D4
                                                                            • _wcslen.LIBCMT ref: 007CB200
                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 007CB214
                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 007CB236
                                                                            • _wcslen.LIBCMT ref: 007CB332
                                                                              • Part of subcall function 007B05A7: GetStdHandle.KERNEL32(000000F6), ref: 007B05C6
                                                                            • _wcslen.LIBCMT ref: 007CB34B
                                                                            • _wcslen.LIBCMT ref: 007CB366
                                                                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 007CB3B6
                                                                            • GetLastError.KERNEL32(00000000), ref: 007CB407
                                                                            • CloseHandle.KERNEL32(?), ref: 007CB439
                                                                            • CloseHandle.KERNEL32(00000000), ref: 007CB44A
                                                                            • CloseHandle.KERNEL32(00000000), ref: 007CB45C
                                                                            • CloseHandle.KERNEL32(00000000), ref: 007CB46E
                                                                            • CloseHandle.KERNEL32(?), ref: 007CB4E3
                                                                            Similarity
                                                                            • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                            • String ID:
                                                                            • API String ID: 2178637699-0
                                                                            • Opcode ID: 12244b0e61c4b75655e5c3adfc1c90974ede0410f84f9ee36d62566dedcaa1a0
                                                                            • Instruction ID: 6fa953a0819d152560c56b394fd52ef547c9adcd1df148acf2919ce2fd4eb92d
                                                                            • Opcode Fuzzy Hash: 12244b0e61c4b75655e5c3adfc1c90974ede0410f84f9ee36d62566dedcaa1a0
                                                                            • Instruction Fuzzy Hash: 83F18A31608340DFC715EF24C886B6EBBE5AF85310F14895DF8999B2A2CB39EC44CB52
                                                                            APIs
                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,007DCC08), ref: 007C40BB
                                                                            • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 007C40CD
                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,007DCC08), ref: 007C40F2
                                                                            • FreeLibrary.KERNEL32(00000000,?,007DCC08), ref: 007C413E
                                                                            • StringFromGUID2.OLE32(?,?,00000028,?,007DCC08), ref: 007C41A8
                                                                            • SysFreeString.OLEAUT32(00000009), ref: 007C4262
                                                                            • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 007C42C8
                                                                            • SysFreeString.OLEAUT32(?), ref: 007C42F2
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                            • String ID: GetModuleHandleExW$kernel32.dll
                                                                            • API String ID: 354098117-199464113
                                                                            • Opcode ID: 62449a3ba2ac23b46a4dd3066411b8dec4f8a0a811b181dcc62bb3235ff7b594
                                                                            • Instruction ID: d4c2b4e79e725700e460a9af682a4e98699edeb32b162fab5b447e9256e4ff9b
                                                                            • Opcode Fuzzy Hash: 62449a3ba2ac23b46a4dd3066411b8dec4f8a0a811b181dcc62bb3235ff7b594
                                                                            • Instruction Fuzzy Hash: 4F122875A00119EFDB14CF94C898EAEBBB5FF45314F24809DE905AB251D735EE82CBA0
                                                                            APIs
                                                                            • GetMenuItemCount.USER32(00811990), ref: 00782F8D
                                                                            • GetMenuItemCount.USER32(00811990), ref: 0078303D
                                                                            • GetCursorPos.USER32(?), ref: 00783081
                                                                            • SetForegroundWindow.USER32(00000000), ref: 0078308A
                                                                            • TrackPopupMenuEx.USER32(00811990,00000000,?,00000000,00000000,00000000), ref: 0078309D
                                                                            • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 007830A9
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                            • String ID: 0
                                                                            • API String ID: 36266755-4108050209
                                                                            • Opcode ID: 1570075e29a793c32795e41bc2004e8161f9e1c305ec978c99a7ff919255fbc2
                                                                            • Instruction ID: 52711632df6b56de747895ad2ac159235c07609a9cc2d9c9d280937b029a87c1
                                                                            • Opcode Fuzzy Hash: 1570075e29a793c32795e41bc2004e8161f9e1c305ec978c99a7ff919255fbc2
                                                                            • Instruction Fuzzy Hash: A3712B70684206BEEB219F24DC4DFAABF75FF05324F204216F629A61E1C7B9AD10DB50
                                                                            APIs
                                                                            • DestroyWindow.USER32(00000000,?), ref: 007D6DEB
                                                                              • Part of subcall function 00746B57: _wcslen.LIBCMT ref: 00746B6A
                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 007D6E5F
                                                                            • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 007D6E81
                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 007D6E94
                                                                            • DestroyWindow.USER32(?), ref: 007D6EB5
                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00740000,00000000), ref: 007D6EE4
                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 007D6EFD
                                                                            • GetDesktopWindow.USER32 ref: 007D6F16
                                                                            • GetWindowRect.USER32(00000000), ref: 007D6F1D
                                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 007D6F35
                                                                            • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 007D6F4D
                                                                              • Part of subcall function 00759944: GetWindowLongW.USER32(?,000000EB), ref: 00759952
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                            • String ID: 0$tooltips_class32
                                                                            • API String ID: 2429346358-3619404913
                                                                            • Opcode ID: d6149f252b1fe0474c35802a435162b813d9479f0ac07727162e2afb8e5d3373
                                                                            • Instruction ID: e7b29e31e3bb7fd77c1a522ce85358b45af3a95953e99614b118f4d92aaabecf
                                                                            • Opcode Fuzzy Hash: d6149f252b1fe0474c35802a435162b813d9479f0ac07727162e2afb8e5d3373
                                                                            • Instruction Fuzzy Hash: 2C716674104245AFDB21CF18DC48EAABBF9FB89304F54451EF99987361C778E906CB16
                                                                            APIs
                                                                              • Part of subcall function 00759BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00759BB2
                                                                            • DragQueryPoint.SHELL32(?,?), ref: 007D9147
                                                                              • Part of subcall function 007D7674: ClientToScreen.USER32(?,?), ref: 007D769A
                                                                              • Part of subcall function 007D7674: GetWindowRect.USER32(?,?), ref: 007D7710
                                                                              • Part of subcall function 007D7674: PtInRect.USER32(?,?,007D8B89), ref: 007D7720
                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 007D91B0
                                                                            • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 007D91BB
                                                                            • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 007D91DE
                                                                            • SendMessageW.USER32(?,000000C2,00000001,?), ref: 007D9225
                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 007D923E
                                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 007D9255
                                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 007D9277
                                                                            • DragFinish.SHELL32(?), ref: 007D927E
                                                                            • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 007D9371
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                            • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                            • API String ID: 221274066-3440237614
                                                                            • Opcode ID: 3a0676e7a5cf018323586ee8397363d7aab7b73f5713d1fe44817a533c460b11
                                                                            • Instruction ID: e0f33544de393de88dd4b891355f17c32854f31a41cf673c4adc6b935dcf5b5a
                                                                            • Opcode Fuzzy Hash: 3a0676e7a5cf018323586ee8397363d7aab7b73f5713d1fe44817a533c460b11
                                                                            • Instruction Fuzzy Hash: E0616971108301AFC701DF64DC89DABBBF8FF89350F00491EF695922A1DB34AA49CB62
                                                                            APIs
                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 007D8592
                                                                            • GetFileSize.KERNEL32(00000000,00000000), ref: 007D85A2
                                                                            • GlobalAlloc.KERNEL32(00000002,00000000), ref: 007D85AD
                                                                            • CloseHandle.KERNEL32(00000000), ref: 007D85BA
                                                                            • GlobalLock.KERNEL32(00000000), ref: 007D85C8
                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 007D85D7
                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 007D85E0
                                                                            • CloseHandle.KERNEL32(00000000), ref: 007D85E7
                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 007D85F8
                                                                            • OleLoadPicture.OLEAUT32(?,00000000,00000000,007DFC38,?), ref: 007D8611
                                                                            • GlobalFree.KERNEL32(00000000), ref: 007D8621
                                                                            • GetObjectW.GDI32(?,00000018,000000FF), ref: 007D8641
                                                                            • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 007D8671
                                                                            • DeleteObject.GDI32(00000000), ref: 007D8699
                                                                            • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 007D86AF
                                                                            Similarity
                                                                            • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                            • String ID:
                                                                            • API String ID: 3840717409-0
                                                                            • Opcode ID: 32fdeed01763198c5cbaa92279a543cded61b52fd262b48667e95bee0db238ac
                                                                            • Instruction ID: 9f2db606b0048c2ace924a6f9ffbe2118024dacb5006131ed499b21826655149
                                                                            • Opcode Fuzzy Hash: 32fdeed01763198c5cbaa92279a543cded61b52fd262b48667e95bee0db238ac
                                                                            • Instruction Fuzzy Hash: 49414C71601209AFDB118FA5DC48EAE7BBCFF89711F10815AF906E7260DB38AD01CB25
                                                                            APIs
                                                                            • VariantInit.OLEAUT32(00000000), ref: 007B1502
                                                                            • VariantCopy.OLEAUT32(?,?), ref: 007B150B
                                                                            • VariantClear.OLEAUT32(?), ref: 007B1517
                                                                            • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 007B15FB
                                                                            • VarR8FromDec.OLEAUT32(?,?), ref: 007B1657
                                                                            • VariantInit.OLEAUT32(?), ref: 007B1708
                                                                            • SysFreeString.OLEAUT32(?), ref: 007B178C
                                                                            • VariantClear.OLEAUT32(?), ref: 007B17D8
                                                                            • VariantClear.OLEAUT32(?), ref: 007B17E7
                                                                            • VariantInit.OLEAUT32(00000000), ref: 007B1823
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                            • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                            • API String ID: 1234038744-3931177956
                                                                            • Opcode ID: 4b5fba06291aeb725c06b3cec438703b377883a472a20ff5fed0d19c037ffc19
                                                                            • Instruction ID: ea9fba5ebce09a780581ee598e2109c74265c0632f7bbec92390b3647720ffb4
                                                                            • Opcode Fuzzy Hash: 4b5fba06291aeb725c06b3cec438703b377883a472a20ff5fed0d19c037ffc19
                                                                            • Instruction Fuzzy Hash: 2BD10372600215EBDB209F64E8A9BF9B7B5BF44700FD08156F806AB180DB7CEC54DBA1
                                                                            APIs
                                                                              • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
                                                                              • Part of subcall function 007CC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,007CB6AE,?,?), ref: 007CC9B5
                                                                              • Part of subcall function 007CC998: _wcslen.LIBCMT ref: 007CC9F1
                                                                              • Part of subcall function 007CC998: _wcslen.LIBCMT ref: 007CCA68
                                                                              • Part of subcall function 007CC998: _wcslen.LIBCMT ref: 007CCA9E
                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 007CB6F4
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 007CB772
                                                                            • RegDeleteValueW.ADVAPI32(?,?), ref: 007CB80A
                                                                            • RegCloseKey.ADVAPI32(?), ref: 007CB87E
                                                                            • RegCloseKey.ADVAPI32(?), ref: 007CB89C
                                                                            • LoadLibraryA.KERNEL32(advapi32.dll), ref: 007CB8F2
                                                                            • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 007CB904
                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 007CB922
                                                                            • FreeLibrary.KERNEL32(00000000), ref: 007CB983
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 007CB994
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                                            • API String ID: 146587525-4033151799
                                                                            • Opcode ID: 2851f435ead61ff7832d340dfb8c2281e1f2535cf949b51ea2dc5cc6787f8fb1
                                                                            • Instruction ID: 4354fd56f9352fff4067ee8457cb8a9bf3f2a008eceec809e809dd6af62731ee
                                                                            • Opcode Fuzzy Hash: 2851f435ead61ff7832d340dfb8c2281e1f2535cf949b51ea2dc5cc6787f8fb1
                                                                            • Instruction Fuzzy Hash: 19C17B71205201EFD715DF24C499F2ABBE5BF84308F14859DF59A8B2A2CB3AEC45CB91
                                                                            APIs
                                                                            • GetDC.USER32(00000000), ref: 007C25D8
                                                                            • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 007C25E8
                                                                            • CreateCompatibleDC.GDI32(?), ref: 007C25F4
                                                                            • SelectObject.GDI32(00000000,?), ref: 007C2601
                                                                            • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 007C266D
                                                                            • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 007C26AC
                                                                            • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 007C26D0
                                                                            • SelectObject.GDI32(?,?), ref: 007C26D8
                                                                            • DeleteObject.GDI32(?), ref: 007C26E1
                                                                            • DeleteDC.GDI32(?), ref: 007C26E8
                                                                            • ReleaseDC.USER32(00000000,?), ref: 007C26F3
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                            • String ID: (
                                                                            • API String ID: 2598888154-3887548279
                                                                            • Opcode ID: 5ce7944ba83f266e834b5b35cf6e8145cd55cb0d15c76a3f50c4c8ad9268f230
                                                                            • Instruction ID: 952aa884b8784810ccec9cceac03975ff9ce6b6872c5d8e3e1c4936b0be633b1
                                                                            • Opcode Fuzzy Hash: 5ce7944ba83f266e834b5b35cf6e8145cd55cb0d15c76a3f50c4c8ad9268f230
                                                                            • Instruction Fuzzy Hash: BF61E1B5D0021AEFCB05CFA8D884EAEBBB5FF48310F20852EE955A7251D774A941CF64
                                                                            APIs
                                                                            • ___free_lconv_mon.LIBCMT ref: 0077DAA1
                                                                              • Part of subcall function 0077D63C: _free.LIBCMT ref: 0077D659
                                                                              • Part of subcall function 0077D63C: _free.LIBCMT ref: 0077D66B
                                                                              • Part of subcall function 0077D63C: _free.LIBCMT ref: 0077D67D
                                                                              • Part of subcall function 0077D63C: _free.LIBCMT ref: 0077D68F
                                                                              • Part of subcall function 0077D63C: _free.LIBCMT ref: 0077D6A1
                                                                              • Part of subcall function 0077D63C: _free.LIBCMT ref: 0077D6B3
                                                                              • Part of subcall function 0077D63C: _free.LIBCMT ref: 0077D6C5
                                                                              • Part of subcall function 0077D63C: _free.LIBCMT ref: 0077D6D7
                                                                              • Part of subcall function 0077D63C: _free.LIBCMT ref: 0077D6E9
                                                                              • Part of subcall function 0077D63C: _free.LIBCMT ref: 0077D6FB
                                                                              • Part of subcall function 0077D63C: _free.LIBCMT ref: 0077D70D
                                                                              • Part of subcall function 0077D63C: _free.LIBCMT ref: 0077D71F
                                                                              • Part of subcall function 0077D63C: _free.LIBCMT ref: 0077D731
                                                                            • _free.LIBCMT ref: 0077DA96
                                                                              • Part of subcall function 007729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0077D7D1,00000000,00000000,00000000,00000000,?,0077D7F8,00000000,00000007,00000000,?,0077DBF5,00000000), ref: 007729DE
                                                                              • Part of subcall function 007729C8: GetLastError.KERNEL32(00000000,?,0077D7D1,00000000,00000000,00000000,00000000,?,0077D7F8,00000000,00000007,00000000,?,0077DBF5,00000000,00000000), ref: 007729F0
                                                                            • _free.LIBCMT ref: 0077DAB8
                                                                            • _free.LIBCMT ref: 0077DACD
                                                                            • _free.LIBCMT ref: 0077DAD8
                                                                            • _free.LIBCMT ref: 0077DAFA
                                                                            • _free.LIBCMT ref: 0077DB0D
                                                                            • _free.LIBCMT ref: 0077DB1B
                                                                            • _free.LIBCMT ref: 0077DB26
                                                                            • _free.LIBCMT ref: 0077DB5E
                                                                            • _free.LIBCMT ref: 0077DB65
                                                                            • _free.LIBCMT ref: 0077DB82
                                                                            • _free.LIBCMT ref: 0077DB9A
                                                                            Similarity
                                                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                            • String ID:
                                                                            • API String ID: 161543041-0
                                                                            • Opcode ID: 32cca78672ac480629a2b121d9556a9190482fe1a97df2017637db8b82c34edb
                                                                            • Instruction ID: b4e537cbdfdab0cdcdf0969f08a0e303c9b3c42cf8fabeccf8bc25fb55c9e653
                                                                            • Opcode Fuzzy Hash: 32cca78672ac480629a2b121d9556a9190482fe1a97df2017637db8b82c34edb
                                                                            • Instruction Fuzzy Hash: 50314871604305DFEF31AA78E849B5AB7E8FF00390F15C429E55CE71A2DA38BC818B60
                                                                            APIs
                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 007A369C
                                                                            • _wcslen.LIBCMT ref: 007A36A7
                                                                            • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 007A3797
                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 007A380C
                                                                            • GetDlgCtrlID.USER32(?), ref: 007A385D
                                                                            • GetWindowRect.USER32(?,?), ref: 007A3882
                                                                            • GetParent.USER32(?), ref: 007A38A0
                                                                            • ScreenToClient.USER32(00000000), ref: 007A38A7
                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 007A3921
                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 007A395D
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                            • String ID: %s%u
                                                                            • API String ID: 4010501982-679674701
                                                                            • Opcode ID: 3c79ae8ee9b07f32fcd7ff02147d77c946182d2102d22f410eb0ca658508ea68
                                                                            • Instruction ID: 6cb7cef989499c3a3e20fafd35d7c6f008787f8b0cb6f094638aac1e87022972
                                                                            • Opcode Fuzzy Hash: 3c79ae8ee9b07f32fcd7ff02147d77c946182d2102d22f410eb0ca658508ea68
                                                                            • Instruction Fuzzy Hash: F291C371204706EFD719DF24C885BAAF7A8FF85354F008729F999C2190DB38EA55CBA1
                                                                            APIs
                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 007A4994
                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 007A49DA
                                                                            • _wcslen.LIBCMT ref: 007A49EB
                                                                            • CharUpperBuffW.USER32(?,00000000), ref: 007A49F7
                                                                            • _wcsstr.LIBVCRUNTIME ref: 007A4A2C
                                                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 007A4A64
                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 007A4A9D
                                                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 007A4AE6
                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 007A4B20
                                                                            • GetWindowRect.USER32(?,?), ref: 007A4B8B
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                            • String ID: ThumbnailClass
                                                                            • API String ID: 1311036022-1241985126
                                                                            • Opcode ID: cab0bcaee1b19d796aace2ddd9cc22467d9643846633fadd16754ebc01cf64cb
                                                                            • Instruction ID: 3cfb66e9858f06fc925d321e1a76124114bbefc65e458cb7fb878df613989337
                                                                            • Opcode Fuzzy Hash: cab0bcaee1b19d796aace2ddd9cc22467d9643846633fadd16754ebc01cf64cb
                                                                            • Instruction Fuzzy Hash: CC91BF71004205DFDB04CF14C985BAAB7E8FFC5314F04866AFD869A096DB7AED45CBA1
                                                                            APIs
                                                                            • GetMenuItemInfoW.USER32(00811990,000000FF,00000000,00000030), ref: 007ABFAC
                                                                            • SetMenuItemInfoW.USER32(00811990,00000004,00000000,00000030), ref: 007ABFE1
                                                                            • Sleep.KERNEL32(000001F4), ref: 007ABFF3
                                                                            • GetMenuItemCount.USER32(?), ref: 007AC039
                                                                            • GetMenuItemID.USER32(?,00000000), ref: 007AC056
                                                                            • GetMenuItemID.USER32(?,-00000001), ref: 007AC082
                                                                            • GetMenuItemID.USER32(?,?), ref: 007AC0C9
                                                                            • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 007AC10F
                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 007AC124
                                                                            • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 007AC145
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                            • String ID: 0
                                                                            • API String ID: 1460738036-4108050209
                                                                            • Opcode ID: 0e1de2a31c418ddfe0f08a497fd2f019a77776204ab7fe679a600caaa3d18357
                                                                            • Instruction ID: 93e5ba9c400db59dbf6c8470a4621fa59a66c725c80bb8e04c52ed77fc685bc6
                                                                            • Opcode Fuzzy Hash: 0e1de2a31c418ddfe0f08a497fd2f019a77776204ab7fe679a600caaa3d18357
                                                                            • Instruction Fuzzy Hash: 5B6172B0A0024AFFDF12CF64DD88AAE7BB8EB86344F144255F911A3251D739AD14CB60
                                                                            APIs
                                                                            • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 007CCC64
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 007CCC8D
                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 007CCD48
                                                                              • Part of subcall function 007CCC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 007CCCAA
                                                                              • Part of subcall function 007CCC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 007CCCBD
                                                                              • Part of subcall function 007CCC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 007CCCCF
                                                                              • Part of subcall function 007CCC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 007CCD05
                                                                              • Part of subcall function 007CCC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 007CCD28
                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 007CCCF3
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                                            APIs
                                                                            • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 007B3D40
                                                                            • _wcslen.LIBCMT ref: 007B3D6D
                                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 007B3D9D
                                                                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 007B3DBE
                                                                            • RemoveDirectoryW.KERNEL32(?), ref: 007B3DCE
                                                                            • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 007B3E55
                                                                            • CloseHandle.KERNEL32(00000000), ref: 007B3E60
                                                                            • CloseHandle.KERNEL32(00000000), ref: 007B3E6B
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                            • String ID: :$\$\??\%s
                                                                            APIs
                                                                            • timeGetTime.WINMM ref: 007AE6B4
                                                                              • Part of subcall function 0075E551: timeGetTime.WINMM(?,?,007AE6D4), ref: 0075E555
                                                                            • Sleep.KERNEL32(0000000A), ref: 007AE6E1
                                                                            • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 007AE705
                                                                            • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 007AE727
                                                                            • SetActiveWindow.USER32 ref: 007AE746
                                                                            • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 007AE754
                                                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 007AE773
                                                                            • Sleep.KERNEL32(000000FA), ref: 007AE77E
                                                                            • IsWindow.USER32 ref: 007AE78A
                                                                            • EndDialog.USER32(00000000), ref: 007AE79B
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                            • String ID: BUTTON
                                                                            APIs
                                                                              • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
                                                                            • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 007AEA5D
                                                                            • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 007AEA73
                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 007AEA84
                                                                            • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 007AEA96
                                                                            • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 007AEAA7
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: SendString$_wcslen
                                                                            • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                            APIs
                                                                            • GetKeyboardState.USER32(?), ref: 007AA012
                                                                            • SetKeyboardState.USER32(?), ref: 007AA07D
                                                                            • GetAsyncKeyState.USER32(000000A0), ref: 007AA09D
                                                                            • GetKeyState.USER32(000000A0), ref: 007AA0B4
                                                                            • GetAsyncKeyState.USER32(000000A1), ref: 007AA0E3
                                                                            • GetKeyState.USER32(000000A1), ref: 007AA0F4
                                                                            • GetAsyncKeyState.USER32(00000011), ref: 007AA120
                                                                            • GetKeyState.USER32(00000011), ref: 007AA12E
                                                                            • GetAsyncKeyState.USER32(00000012), ref: 007AA157
                                                                            • GetKeyState.USER32(00000012), ref: 007AA165
                                                                            • GetAsyncKeyState.USER32(0000005B), ref: 007AA18E
                                                                            • GetKeyState.USER32(0000005B), ref: 007AA19C
                                                                            Similarity
                                                                            • API ID: State$Async$Keyboard
                                                                            • String ID:
                                                                            APIs
                                                                            • GetDlgItem.USER32(?,00000001), ref: 007A5CE2
                                                                            • GetWindowRect.USER32(00000000,?), ref: 007A5CFB
                                                                            • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 007A5D59
                                                                            • GetDlgItem.USER32(?,00000002), ref: 007A5D69
                                                                            • GetWindowRect.USER32(00000000,?), ref: 007A5D7B
                                                                            • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 007A5DCF
                                                                            • GetDlgItem.USER32(?,000003E9), ref: 007A5DDD
                                                                            • GetWindowRect.USER32(00000000,?), ref: 007A5DEF
                                                                            • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 007A5E31
                                                                            • GetDlgItem.USER32(?,000003EA), ref: 007A5E44
                                                                            • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 007A5E5A
                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 007A5E67
                                                                            Similarity
                                                                            • API ID: Window$ItemMoveRect$Invalidate
                                                                            • String ID:
                                                                            APIs
                                                                              • Part of subcall function 00758F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00758BE8,?,00000000,?,?,?,?,00758BBA,00000000,?), ref: 00758FC5
                                                                            • DestroyWindow.USER32(?), ref: 00758C81
                                                                            • KillTimer.USER32(00000000,?,?,?,?,00758BBA,00000000,?), ref: 00758D1B
                                                                            • DestroyAcceleratorTable.USER32(00000000), ref: 00796973
                                                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00758BBA,00000000,?), ref: 007969A1
                                                                            • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00758BBA,00000000,?), ref: 007969B8
                                                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00758BBA,00000000), ref: 007969D4
                                                                            • DeleteObject.GDI32(00000000), ref: 007969E6
                                                                            Similarity
                                                                            • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                            • String ID:
                                                                            APIs
                                                                              • Part of subcall function 00759944: GetWindowLongW.USER32(?,000000EB), ref: 00759952
                                                                            • GetSysColor.USER32(0000000F), ref: 00759862
                                                                            Similarity
                                                                            • API ID: ColorLongWindow
                                                                            • String ID:
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: .v
                                                                            APIs
                                                                            • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,0078F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 007A9717
                                                                            • LoadStringW.USER32(00000000,?,0078F7F8,00000001), ref: 007A9720
                                                                              • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
                                                                            • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,0078F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 007A9742
                                                                            • LoadStringW.USER32(00000000,?,0078F7F8,00000001), ref: 007A9745
                                                                            • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 007A9866
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: HandleLoadModuleString$Message_wcslen
                                                                            • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                            • API String ID: 747408836-2268648507
                                                                            APIs
                                                                              • Part of subcall function 00746B57: _wcslen.LIBCMT ref: 00746B6A
                                                                            • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 007A07A2
                                                                            • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 007A07BE
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 007A07DA
                                                                            • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 007A0804
                                                                            • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 007A082C
                                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 007A0837
                                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 007A083C
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                            • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                            • API String ID: 323675364-22481851
                                                                            APIs
                                                                            • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 007D403B
                                                                            • CreateCompatibleDC.GDI32(00000000), ref: 007D4042
                                                                            • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 007D4055
                                                                            • SelectObject.GDI32(00000000,00000000), ref: 007D405D
                                                                            • GetPixel.GDI32(00000000,00000000,00000000), ref: 007D4068
                                                                            • DeleteDC.GDI32(00000000), ref: 007D4072
                                                                            • GetWindowLongW.USER32(?,000000EC), ref: 007D407C
                                                                            • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 007D4092
                                                                            • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 007D409E
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                            • String ID: static
                                                                            • API String ID: 2559357485-2160076837
                                                                            APIs
                                                                            • VariantInit.OLEAUT32(?), ref: 007C3C5C
                                                                            • CoInitialize.OLE32(00000000), ref: 007C3C8A
                                                                            • CoUninitialize.OLE32 ref: 007C3C94
                                                                            • _wcslen.LIBCMT ref: 007C3D2D
                                                                            • GetRunningObjectTable.OLE32(00000000,?), ref: 007C3DB1
                                                                            • SetErrorMode.KERNEL32(00000001,00000029), ref: 007C3ED5
                                                                            • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 007C3F0E
                                                                            • CoGetObject.OLE32(?,00000000,007DFB98,?), ref: 007C3F2D
                                                                            • SetErrorMode.KERNEL32(00000000), ref: 007C3F40
                                                                            • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 007C3FC4
                                                                            • VariantClear.OLEAUT32(?), ref: 007C3FD8
                                                                            Similarity
                                                                            • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                            • String ID:
                                                                            • API String ID: 429561992-0
                                                                            APIs
                                                                            • CoInitialize.OLE32(00000000), ref: 007B7AF3
                                                                            • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 007B7B8F
                                                                            • SHGetDesktopFolder.SHELL32(?), ref: 007B7BA3
                                                                            • CoCreateInstance.OLE32(007DFD08,00000000,00000001,00806E6C,?), ref: 007B7BEF
                                                                            • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 007B7C74
                                                                            • CoTaskMemFree.OLE32(?,?), ref: 007B7CCC
                                                                            • SHBrowseForFolderW.SHELL32(?), ref: 007B7D57
                                                                            • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 007B7D7A
                                                                            • CoTaskMemFree.OLE32(00000000), ref: 007B7D81
                                                                            • CoTaskMemFree.OLE32(00000000), ref: 007B7DD6
                                                                            • CoUninitialize.OLE32 ref: 007B7DDC
                                                                            Similarity
                                                                            • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                            • String ID:
                                                                            • API String ID: 2762341140-0
                                                                            APIs
                                                                            • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 007D5504
                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 007D5515
                                                                            • CharNextW.USER32(00000158), ref: 007D5544
                                                                            • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 007D5585
                                                                            • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 007D559B
                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 007D55AC
                                                                            Similarity
                                                                            • API ID: MessageSend$CharNext
                                                                            • String ID:
                                                                            • API String ID: 1350042424-0
                                                                            APIs
                                                                            • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0079FAAF
                                                                            • SafeArrayAllocData.OLEAUT32(?), ref: 0079FB08
                                                                            • VariantInit.OLEAUT32(?), ref: 0079FB1A
                                                                            • SafeArrayAccessData.OLEAUT32(?,?), ref: 0079FB3A
                                                                            • VariantCopy.OLEAUT32(?,?), ref: 0079FB8D
                                                                            • SafeArrayUnaccessData.OLEAUT32(?), ref: 0079FBA1
                                                                            • VariantClear.OLEAUT32(?), ref: 0079FBB6
                                                                            • SafeArrayDestroyData.OLEAUT32(?), ref: 0079FBC3
                                                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0079FBCC
                                                                            • VariantClear.OLEAUT32(?), ref: 0079FBDE
                                                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0079FBE9
                                                                            Similarity
                                                                            • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                            • String ID:
                                                                            • API String ID: 2706829360-0
                                                                            APIs
                                                                            • GetKeyboardState.USER32(?), ref: 007A9CA1
                                                                            • GetAsyncKeyState.USER32(000000A0), ref: 007A9D22
                                                                            • GetKeyState.USER32(000000A0), ref: 007A9D3D
                                                                            • GetAsyncKeyState.USER32(000000A1), ref: 007A9D57
                                                                            • GetKeyState.USER32(000000A1), ref: 007A9D6C
                                                                            • GetAsyncKeyState.USER32(00000011), ref: 007A9D84
                                                                            • GetKeyState.USER32(00000011), ref: 007A9D96
                                                                            • GetAsyncKeyState.USER32(00000012), ref: 007A9DAE
                                                                            • GetKeyState.USER32(00000012), ref: 007A9DC0
                                                                            • GetAsyncKeyState.USER32(0000005B), ref: 007A9DD8
                                                                            • GetKeyState.USER32(0000005B), ref: 007A9DEA
                                                                            Similarity
                                                                            • API ID: State$Async$Keyboard
                                                                            • String ID:
                                                                            • API String ID: 541375521-0
                                                                            APIs
                                                                            • WSAStartup.WSOCK32(00000101,?), ref: 007C05BC
                                                                            • inet_addr.WSOCK32(?), ref: 007C061C
                                                                            • gethostbyname.WSOCK32(?), ref: 007C0628
                                                                            • IcmpCreateFile.IPHLPAPI ref: 007C0636
                                                                            • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 007C06C6
                                                                            • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 007C06E5
                                                                            • IcmpCloseHandle.IPHLPAPI(?), ref: 007C07B9
                                                                            • WSACleanup.WSOCK32 ref: 007C07BF
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                            • String ID: Ping
                                                                            • API String ID: 1028309954-2246546115
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _wcslen$BuffCharLower
                                                                            • String ID: cdecl$none$stdcall$winapi
                                                                            • API String ID: 707087890-567219261
                                                                            APIs
                                                                            • CoInitialize.OLE32 ref: 007C3774
                                                                            • CoUninitialize.OLE32 ref: 007C377F
                                                                            • CoCreateInstance.OLE32(?,00000000,00000017,007DFB78,?), ref: 007C37D9
                                                                            • IIDFromString.OLE32(?,?), ref: 007C384C
                                                                            • VariantInit.OLEAUT32(?), ref: 007C38E4
                                                                            • VariantClear.OLEAUT32(?), ref: 007C3936
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                            • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                            • API String ID: 636576611-1287834457
                                                                            APIs
                                                                            • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 007B33CF
                                                                              • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
                                                                            • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 007B33F0
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: LoadString$_wcslen
                                                                            • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                            • API String ID: 4099089115-3080491070
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _wcslen$BuffCharUpper
                                                                            • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                            • API String ID: 1256254125-769500911
                                                                            APIs
                                                                            • SetErrorMode.KERNEL32(00000001), ref: 007B53A0
                                                                            • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 007B5416
                                                                            • GetLastError.KERNEL32 ref: 007B5420
                                                                            • SetErrorMode.KERNEL32(00000000,READY), ref: 007B54A7
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Error$Mode$DiskFreeLastSpace
                                                                            • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                            • API String ID: 4194297153-14809454
                                                                            APIs
                                                                            • CreateMenu.USER32 ref: 007D3C79
                                                                            • SetMenu.USER32(?,00000000), ref: 007D3C88
                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 007D3D10
                                                                            • IsMenu.USER32(?), ref: 007D3D24
                                                                            • CreatePopupMenu.USER32 ref: 007D3D2E
                                                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 007D3D5B
                                                                            • DrawMenuBar.USER32 ref: 007D3D63
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                            • String ID: 0$F
                                                                            • API String ID: 161812096-3044882817
                                                                            APIs
                                                                              • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
                                                                              • Part of subcall function 007A3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 007A3CCA
                                                                            • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 007A1F64
                                                                            • GetDlgCtrlID.USER32 ref: 007A1F6F
                                                                            • GetParent.USER32 ref: 007A1F8B
                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 007A1F8E
                                                                            • GetDlgCtrlID.USER32(?), ref: 007A1F97
                                                                            • GetParent.USER32(?), ref: 007A1FAB
                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 007A1FAE
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 711023334-1403004172
                                                                            APIs
                                                                              • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
                                                                              • Part of subcall function 007A3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 007A3CCA
                                                                            • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 007A2043
                                                                            • GetDlgCtrlID.USER32 ref: 007A204E
                                                                            • GetParent.USER32 ref: 007A206A
                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 007A206D
                                                                            • GetDlgCtrlID.USER32(?), ref: 007A2076
                                                                            • GetParent.USER32(?), ref: 007A208A
                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 007A208D
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 711023334-1403004172
                                                                            APIs
                                                                            • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 007D3A9D
                                                                            • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 007D3AA0
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 007D3AC7
                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 007D3AEA
                                                                            • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 007D3B62
                                                                            • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 007D3BAC
                                                                            • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 007D3BC7
                                                                            • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 007D3BE2
                                                                            • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 007D3BF6
                                                                            • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 007D3C13
                                                                            Similarity
                                                                            • API ID: MessageSend$LongWindow
                                                                            • String ID:
                                                                            • API String ID: 312131281-0
                                                                            APIs
                                                                            • GetCurrentThreadId.KERNEL32 ref: 007AB151
                                                                            • GetForegroundWindow.USER32(00000000,?,?,?,?,?,007AA1E1,?,00000001), ref: 007AB165
                                                                            • GetWindowThreadProcessId.USER32(00000000), ref: 007AB16C
                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,007AA1E1,?,00000001), ref: 007AB17B
                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 007AB18D
                                                                            • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,007AA1E1,?,00000001), ref: 007AB1A6
                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,007AA1E1,?,00000001), ref: 007AB1B8
                                                                            • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,007AA1E1,?,00000001), ref: 007AB1FD
                                                                            • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,007AA1E1,?,00000001), ref: 007AB212
                                                                            • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,007AA1E1,?,00000001), ref: 007AB21D
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                            • String ID:
                                                                            APIs
                                                                            • _free.LIBCMT ref: 00772C94
                                                                              • Part of subcall function 007729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0077D7D1,00000000,00000000,00000000,00000000,?,0077D7F8,00000000,00000007,00000000,?,0077DBF5,00000000), ref: 007729DE
                                                                              • Part of subcall function 007729C8: GetLastError.KERNEL32(00000000,?,0077D7D1,00000000,00000000,00000000,00000000,?,0077D7F8,00000000,00000007,00000000,?,0077DBF5,00000000,00000000), ref: 007729F0
                                                                            • _free.LIBCMT ref: 00772CA0
                                                                            • _free.LIBCMT ref: 00772CAB
                                                                            • _free.LIBCMT ref: 00772CB6
                                                                            • _free.LIBCMT ref: 00772CC1
                                                                            • _free.LIBCMT ref: 00772CCC
                                                                            • _free.LIBCMT ref: 00772CD7
                                                                            • _free.LIBCMT ref: 00772CE2
                                                                            • _free.LIBCMT ref: 00772CED
                                                                            • _free.LIBCMT ref: 00772CFB
                                                                            Similarity
                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                            • String ID:
                                                                            APIs
                                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 007B7FAD
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 007B7FC1
                                                                            • GetFileAttributesW.KERNEL32(?), ref: 007B7FEB
                                                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 007B8005
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 007B8017
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 007B8060
                                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 007B80B0
                                                                            Similarity
                                                                            • API ID: CurrentDirectory$AttributesFile
                                                                            • String ID: *.*
                                                                            APIs
                                                                            • SetWindowLongW.USER32(?,000000EB), ref: 00745C7A
                                                                              • Part of subcall function 00745D0A: GetClientRect.USER32(?,?), ref: 00745D30
                                                                              • Part of subcall function 00745D0A: GetWindowRect.USER32(?,?), ref: 00745D71
                                                                              • Part of subcall function 00745D0A: ScreenToClient.USER32(?,?), ref: 00745D99
                                                                            • GetDC.USER32 ref: 007846F5
                                                                            • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00784708
                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00784716
                                                                            • SelectObject.GDI32(00000000,00000000), ref: 0078472B
                                                                            • ReleaseDC.USER32(?,00000000), ref: 00784733
                                                                            • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 007847C4
                                                                            Similarity
                                                                            • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                            • String ID: U
                                                                            APIs
                                                                            • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 007B35E4
                                                                              • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
                                                                            • LoadStringW.USER32(00812390,?,00000FFF,?), ref: 007B360A
                                                                            Similarity
                                                                            • API ID: LoadString$_wcslen
                                                                            • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                            APIs
                                                                            • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 007BC272
                                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 007BC29A
                                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 007BC2CA
                                                                            • GetLastError.KERNEL32 ref: 007BC322
                                                                            • SetEvent.KERNEL32(?), ref: 007BC336
                                                                            • InternetCloseHandle.WININET(00000000), ref: 007BC341
                                                                            Similarity
                                                                            • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                            • String ID:
                                                                            APIs
                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00783AAF,?,?,Bad directive syntax error,007DCC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 007A98BC
                                                                            • LoadStringW.USER32(00000000,?,00783AAF,?), ref: 007A98C3
                                                                              • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
                                                                            • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 007A9987
                                                                            Similarity
                                                                            • API ID: HandleLoadMessageModuleString_wcslen
                                                                            • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                            APIs
                                                                            • GetParent.USER32 ref: 007A20AB
                                                                            • GetClassNameW.USER32(00000000,?,00000100), ref: 007A20C0
                                                                            • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 007A214D
                                                                            Similarity
                                                                            • API ID: ClassMessageNameParentSend
                                                                            • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                            • String ID:
                                                                            APIs
                                                                            • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 007D5186
                                                                            • ShowWindow.USER32(?,00000000), ref: 007D51C7
                                                                            • ShowWindow.USER32(?,00000005,?,00000000), ref: 007D51CD
                                                                            • SetFocus.USER32(?,?,00000005,?,00000000), ref: 007D51D1
                                                                              • Part of subcall function 007D6FBA: DeleteObject.GDI32(00000000), ref: 007D6FE6
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 007D520D
                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 007D521A
                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 007D524D
                                                                            • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 007D5287
                                                                            • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 007D5296
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                            • String ID:
                                                                            • API String ID: 3210457359-0
                                                                            • Opcode ID: 1f0515c9581630e5082f4b6d51b068e89b068ea09f7b7b52b21e78d43dcc42f2
                                                                            • Instruction ID: a88a5c2841c54646a1e209267a37bd2255e708edc96f377839baf1c68dde6cb3
                                                                            • Opcode Fuzzy Hash: 1f0515c9581630e5082f4b6d51b068e89b068ea09f7b7b52b21e78d43dcc42f2
                                                                            • Instruction Fuzzy Hash: F5515C70A41A09EFEF209F28CC49BD93B75BB05361F148113FA25963E0C77EA998DB41
                                                                            APIs
                                                                            • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00796890
                                                                            • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 007968A9
                                                                            • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 007968B9
                                                                            • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 007968D1
                                                                            • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 007968F2
                                                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00758874,00000000,00000000,00000000,000000FF,00000000), ref: 00796901
                                                                            • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0079691E
                                                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00758874,00000000,00000000,00000000,000000FF,00000000), ref: 0079692D
                                                                            Similarity
                                                                            • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                            • String ID:
                                                                            • API String ID: 1268354404-0
                                                                            • Opcode ID: fc87e527da6cd7fcba5ed61671cc1b07f07bac00a11f00319730511730197ae4
                                                                            • Instruction ID: 1525625095009458766529dd4f395ca79c93912612f6011fcfe45a8816fbdb09
                                                                            • Opcode Fuzzy Hash: fc87e527da6cd7fcba5ed61671cc1b07f07bac00a11f00319730511730197ae4
                                                                            • Instruction Fuzzy Hash: 3F516AB0600209EFDF208F24DC55FAA7BB9FF44761F104619F952A62A0DBB8E954DB50
                                                                            APIs
                                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 007BC182
                                                                            • GetLastError.KERNEL32 ref: 007BC195
                                                                            • SetEvent.KERNEL32(?), ref: 007BC1A9
                                                                              • Part of subcall function 007BC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 007BC272
                                                                              • Part of subcall function 007BC253: GetLastError.KERNEL32 ref: 007BC322
                                                                              • Part of subcall function 007BC253: SetEvent.KERNEL32(?), ref: 007BC336
                                                                              • Part of subcall function 007BC253: InternetCloseHandle.WININET(00000000), ref: 007BC341
                                                                            Similarity
                                                                            • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                            • String ID:
                                                                            • API String ID: 337547030-0
                                                                            • Opcode ID: cc8ff679d3c6aab129f007f6721abbe3b716d2b15238888569ca0ba7f6dbe7a7
                                                                            • Instruction ID: 21288530d7bcef55539a91149070a585ddd445fbf0e3635025eb74e1256da144
                                                                            • Opcode Fuzzy Hash: cc8ff679d3c6aab129f007f6721abbe3b716d2b15238888569ca0ba7f6dbe7a7
                                                                            • Instruction Fuzzy Hash: 97317A71201606AFDB229FA5DC48BE6BBF9FF58310B04C41EF956C6610D738E814DBA0
                                                                            APIs
                                                                              • Part of subcall function 007A3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 007A3A57
                                                                              • Part of subcall function 007A3A3D: GetCurrentThreadId.KERNEL32 ref: 007A3A5E
                                                                              • Part of subcall function 007A3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,007A25B3), ref: 007A3A65
                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 007A25BD
                                                                            • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 007A25DB
                                                                            • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 007A25DF
                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 007A25E9
                                                                            • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 007A2601
                                                                            • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 007A2605
                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 007A260F
                                                                            • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 007A2623
                                                                            • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 007A2627
                                                                            Similarity
                                                                            • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                            • String ID:
                                                                            • API String ID: 2014098862-0
                                                                            • Opcode ID: 1e34eee2058fe0d4f773f94150de25a9e15afa496394cbd63f843fe425592cfd
                                                                            • Instruction ID: 729be01ebbf80715187f5eba83a353e40c76e06a4a42a572375971ff35f260a4
                                                                            • Opcode Fuzzy Hash: 1e34eee2058fe0d4f773f94150de25a9e15afa496394cbd63f843fe425592cfd
                                                                            • Instruction Fuzzy Hash: 2501B571790224FBFB106B689C8EF593F69DB8AB11F104142F354AE0D1CDE65845CA69
                                                                            APIs
                                                                            • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,007A1449,?,?,00000000), ref: 007A180C
                                                                            • HeapAlloc.KERNEL32(00000000,?,007A1449,?,?,00000000), ref: 007A1813
                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,007A1449,?,?,00000000), ref: 007A1828
                                                                            • GetCurrentProcess.KERNEL32(?,00000000,?,007A1449,?,?,00000000), ref: 007A1830
                                                                            • DuplicateHandle.KERNEL32(00000000,?,007A1449,?,?,00000000), ref: 007A1833
                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,007A1449,?,?,00000000), ref: 007A1843
                                                                            • GetCurrentProcess.KERNEL32(007A1449,00000000,?,007A1449,?,?,00000000), ref: 007A184B
                                                                            • DuplicateHandle.KERNEL32(00000000,?,007A1449,?,?,00000000), ref: 007A184E
                                                                            • CreateThread.KERNEL32(00000000,00000000,007A1874,00000000,00000000,00000000), ref: 007A1868
                                                                            Similarity
                                                                            • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                            • String ID:
                                                                            • API String ID: 1957940570-0
                                                                            • Opcode ID: 080edc0142152def17b9b9559a552def9303491df65a228dbd00a390630fbb2a
                                                                            • Instruction ID: 7605a324f994ed99ac1d5ebc40dd81b49e957be3ab2a7e9691b50647d38bd286
                                                                            • Opcode Fuzzy Hash: 080edc0142152def17b9b9559a552def9303491df65a228dbd00a390630fbb2a
                                                                            • Instruction Fuzzy Hash: 4601BFB5241319BFE711AB65DC4EF573B6CEB89B11F418511FA05DB191C6759C00CB24
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: __alldvrm$_strrchr
                                                                            • String ID: }}v$}}v$}}v
                                                                            • API String ID: 1036877536-3206339712
                                                                            • Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                            • Instruction ID: a2e20217ef5263fffe90a847349a859e62e5daa294db5802733237c4250f6c16
                                                                            • Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                            • Instruction Fuzzy Hash: B4A13672E003869FDF15DE18C8917AEBBE4EF613D0F1481ADE5999B282C33C8981C751
                                                                            APIs
                                                                              • Part of subcall function 007AD4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 007AD501
                                                                              • Part of subcall function 007AD4DC: Process32FirstW.KERNEL32(00000000,?), ref: 007AD50F
                                                                              • Part of subcall function 007AD4DC: FindCloseChangeNotification.KERNEL32(00000000), ref: 007AD5DC
                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 007CA16D
                                                                            • GetLastError.KERNEL32 ref: 007CA180
                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 007CA1B3
                                                                            • TerminateProcess.KERNEL32(00000000,00000000), ref: 007CA268
                                                                            • GetLastError.KERNEL32(00000000), ref: 007CA273
                                                                            • CloseHandle.KERNEL32(00000000), ref: 007CA2C4
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Process$CloseErrorLastOpen$ChangeCreateFindFirstHandleNotificationProcess32SnapshotTerminateToolhelp32
                                                                            • String ID: SeDebugPrivilege
                                                                            • API String ID: 1701285019-2896544425
                                                                            • Opcode ID: 417c0b183da354cf700758770e23f549a84596f6ed622f42e584cb0cdfcb0ac3
                                                                            • Instruction ID: 889027cc4cffc0aaf4fd8840ba34323085ac547f53c6c5b23f90560f1f2fa78d
                                                                            • Opcode Fuzzy Hash: 417c0b183da354cf700758770e23f549a84596f6ed622f42e584cb0cdfcb0ac3
                                                                            • Instruction Fuzzy Hash: 5F61AF71205256AFD720DF18C498F15BBE1BF84318F18848CE4668B7A3C77AEC45CB92
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 007D3925
                                                                            • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 007D393A
                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 007D3954
                                                                            • _wcslen.LIBCMT ref: 007D3999
                                                                            • SendMessageW.USER32(?,00001057,00000000,?), ref: 007D39C6
                                                                            • SendMessageW.USER32(?,00001061,?,0000000F), ref: 007D39F4
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$Window_wcslen
                                                                            • String ID: SysListView32
                                                                            • API String ID: 2147712094-78025650
                                                                            • Opcode ID: 76d71e34cd7f28780e1ed197238903975248c05bf6ffbc2d18b0bbfc4f3b36f3
                                                                            • Instruction ID: 6d13c0924579322b0cf9abda9a623cef0098cba5f6c464f3d44256f8b95550c8
                                                                            • Opcode Fuzzy Hash: 76d71e34cd7f28780e1ed197238903975248c05bf6ffbc2d18b0bbfc4f3b36f3
                                                                            • Instruction Fuzzy Hash: A841A471A00219ABEF219F64CC49BEA7BB9FF08354F100567F958E7281D779E984CB90
                                                                            APIs
                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 007ABCFD
                                                                            • IsMenu.USER32(00000000), ref: 007ABD1D
                                                                            • CreatePopupMenu.USER32 ref: 007ABD53
                                                                            • GetMenuItemCount.USER32(011C5A20), ref: 007ABDA4
                                                                            • InsertMenuItemW.USER32(011C5A20,?,00000001,00000030), ref: 007ABDCC
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                            • String ID: 0$2
                                                                            • API String ID: 93392585-3793063076
                                                                            APIs
                                                                            • _ValidateLocalCookies.LIBCMT ref: 00762D4B
                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 00762D53
                                                                            • _ValidateLocalCookies.LIBCMT ref: 00762DE1
                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 00762E0C
                                                                            • _ValidateLocalCookies.LIBCMT ref: 00762E61
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                            • String ID: &Hv$csm
                                                                            • API String ID: 1170836740-404954504
                                                                            APIs
                                                                            • LoadIconW.USER32(00000000,00007F03), ref: 007AC913
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: IconLoad
                                                                            • String ID: blank$info$question$stop$warning
                                                                            • API String ID: 2457776203-404129466
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                            • String ID: 0.0.0.0
                                                                            • API String ID: 642191829-3771769585
                                                                            APIs
                                                                              • Part of subcall function 00759BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00759BB2
                                                                            • GetSystemMetrics.USER32(0000000F), ref: 007D9FC7
                                                                            • GetSystemMetrics.USER32(0000000F), ref: 007D9FE7
                                                                            • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 007DA224
                                                                            • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 007DA242
                                                                            • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 007DA263
                                                                            • ShowWindow.USER32(00000003,00000000), ref: 007DA282
                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 007DA2A7
                                                                            • DefDlgProcW.USER32(?,00000005,?,?), ref: 007DA2CA
                                                                            Similarity
                                                                            • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                            • String ID:
                                                                            • API String ID: 1211466189-0
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: _wcslen$LocalTime
                                                                            • String ID:
                                                                            • API String ID: 952045576-0
                                                                            APIs
                                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0079682C,00000004,00000000,00000000), ref: 0075F953
                                                                            • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0079682C,00000004,00000000,00000000), ref: 0079F3D1
                                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0079682C,00000004,00000000,00000000), ref: 0079F454
                                                                            Similarity
                                                                            • API ID: ShowWindow
                                                                            • String ID:
                                                                            • API String ID: 1268545403-0
                                                                            APIs
                                                                            • DeleteObject.GDI32(00000000), ref: 007D2D1B
                                                                            • GetDC.USER32(00000000), ref: 007D2D23
                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 007D2D2E
                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 007D2D3A
                                                                            • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 007D2D76
                                                                            • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 007D2D87
                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,007D5A65,?,?,000000FF,00000000,?,000000FF,?), ref: 007D2DC2
                                                                            • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 007D2DE1
                                                                            Similarity
                                                                            • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                            • String ID:
                                                                            • API String ID: 3864802216-0
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: _memcmp
                                                                            • String ID:
                                                                            • API String ID: 2931989736-0
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: NULL Pointer assignment$Not an Object type
                                                                            • API String ID: 0-572801152
                                                                            APIs
                                                                            • GetCPInfo.KERNEL32(?,?), ref: 007815CE
                                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00781651
                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 007816E4
                                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 007816FB
                                                                              • Part of subcall function 00773820: RtlAllocateHeap.NTDLL(00000000,?,00811444,?,0075FDF5,?,?,0074A976,00000010,00811440,007413FC,?,007413C6,?,00741129), ref: 00773852
                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00781777
                                                                            • __freea.LIBCMT ref: 007817A2
                                                                            • __freea.LIBCMT ref: 007817AE
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                            • String ID:
                                                                            • API String ID: 2829977744-0
                                                                            Similarity
                                                                            • API ID: Variant$ClearInit
                                                                            • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                            • API String ID: 2610073882-625585964
                                                                            APIs
                                                                            • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 007B125C
                                                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 007B1284
                                                                            • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 007B12A8
                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 007B12D8
                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 007B135F
                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 007B13C4
                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 007B1430
                                                                            Similarity
                                                                            • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                            • String ID:
                                                                            • API String ID: 2550207440-0
                                                                            Similarity
                                                                            • API ID: ObjectSelect$BeginCreatePath
                                                                            • String ID:
                                                                            • API String ID: 3225163088-0
                                                                            APIs
                                                                            • VariantInit.OLEAUT32(?), ref: 007C396B
                                                                            • CharUpperBuffW.USER32(?,?), ref: 007C3A7A
                                                                            • _wcslen.LIBCMT ref: 007C3A8A
                                                                            • VariantClear.OLEAUT32(?), ref: 007C3C1F
                                                                              • Part of subcall function 007B0CDF: VariantInit.OLEAUT32(00000000), ref: 007B0D1F
                                                                              • Part of subcall function 007B0CDF: VariantCopy.OLEAUT32(?,?), ref: 007B0D28
                                                                              • Part of subcall function 007B0CDF: VariantClear.OLEAUT32(?), ref: 007B0D34
                                                                            Similarity
                                                                            • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                            • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                            • API String ID: 4137639002-1221869570
                                                                            APIs
                                                                              • Part of subcall function 007A000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0079FF41,80070057,?,?,?,007A035E), ref: 007A002B
                                                                              • Part of subcall function 007A000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0079FF41,80070057,?,?), ref: 007A0046
                                                                              • Part of subcall function 007A000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0079FF41,80070057,?,?), ref: 007A0054
                                                                              • Part of subcall function 007A000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0079FF41,80070057,?), ref: 007A0064
                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 007C4C51
                                                                            • _wcslen.LIBCMT ref: 007C4D59
                                                                            • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 007C4DCF
                                                                            • CoTaskMemFree.OLE32(?), ref: 007C4DDA
                                                                            Similarity
                                                                            • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                            • String ID: NULL Pointer assignment
                                                                            • API String ID: 614568839-2785691316
                                                                            APIs
                                                                            • GetMenu.USER32(?), ref: 007D2183
                                                                            • GetMenuItemCount.USER32(00000000), ref: 007D21B5
                                                                            • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 007D21DD
                                                                            • _wcslen.LIBCMT ref: 007D2213
                                                                            • GetMenuItemID.USER32(?,?), ref: 007D224D
                                                                            • GetSubMenu.USER32(?,?), ref: 007D225B
                                                                              • Part of subcall function 007A3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 007A3A57
                                                                              • Part of subcall function 007A3A3D: GetCurrentThreadId.KERNEL32 ref: 007A3A5E
                                                                              • Part of subcall function 007A3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,007A25B3), ref: 007A3A65
                                                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 007D22E3
                                                                              • Part of subcall function 007AE97B: Sleep.KERNEL32 ref: 007AE9F3
                                                                            Similarity
                                                                            • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                            • String ID:
                                                                            • API String ID: 4196846111-0
                                                                            APIs
                                                                            • IsWindow.USER32(011C5908), ref: 007D7F37
                                                                            • IsWindowEnabled.USER32(011C5908), ref: 007D7F43
                                                                            • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 007D801E
                                                                            • SendMessageW.USER32(011C5908,000000B0,?,?), ref: 007D8051
                                                                            • IsDlgButtonChecked.USER32(?,?), ref: 007D8089
                                                                            • GetWindowLongW.USER32(011C5908,000000EC), ref: 007D80AB
                                                                            • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 007D80C3
                                                                            Similarity
                                                                            • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                            • String ID:
                                                                            • API String ID: 4072528602-0
                                                                            APIs
                                                                            • GetParent.USER32(?), ref: 007AAEF9
                                                                            • GetKeyboardState.USER32(?), ref: 007AAF0E
                                                                            • SetKeyboardState.USER32(?), ref: 007AAF6F
                                                                            • PostMessageW.USER32(?,00000101,00000010,?), ref: 007AAF9D
                                                                            • PostMessageW.USER32(?,00000101,00000011,?), ref: 007AAFBC
                                                                            • PostMessageW.USER32(?,00000101,00000012,?), ref: 007AAFFD
                                                                            • PostMessageW.USER32(?,00000101,0000005B,?), ref: 007AB020
                                                                            Similarity
                                                                            • API ID: MessagePost$KeyboardState$Parent
                                                                            • String ID:
                                                                            • API String ID: 87235514-0
                                                                            APIs
                                                                            • GetParent.USER32(00000000), ref: 007AAD19
                                                                            • GetKeyboardState.USER32(?), ref: 007AAD2E
                                                                            • SetKeyboardState.USER32(?), ref: 007AAD8F
                                                                            • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 007AADBB
                                                                            • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 007AADD8
                                                                            • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 007AAE17
                                                                            • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 007AAE38
                                                                            Similarity
                                                                            • API ID: MessagePost$KeyboardState$Parent
                                                                            • String ID:
                                                                            • API String ID: 87235514-0
                                                                            • Opcode ID: 692e284881721fd767a7dc95c18767c512540c3472b0331bfcfb3cbd33ea6896
                                                                            • Instruction ID: 7a99c86170cd8534fa1d40e24e962e85f7444fb8595365b44057152d8e9076b1
                                                                            • Opcode Fuzzy Hash: 692e284881721fd767a7dc95c18767c512540c3472b0331bfcfb3cbd33ea6896
                                                                            • Instruction Fuzzy Hash: 6751B6A16087D53DFB3783348C56B7ABEA96B87301F088689E1D5568C3D39CEC84D762
                                                                            APIs
                                                                            • GetConsoleCP.KERNEL32(00783CD6,?,?,?,?,?,?,?,?,00775BA3,?,?,00783CD6,?,?), ref: 00775470
                                                                            • __fassign.LIBCMT ref: 007754EB
                                                                            • __fassign.LIBCMT ref: 00775506
                                                                            • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00783CD6,00000005,00000000,00000000), ref: 0077552C
                                                                            • WriteFile.KERNEL32(?,00783CD6,00000000,00775BA3,00000000,?,?,?,?,?,?,?,?,?,00775BA3,?), ref: 0077554B
                                                                            • WriteFile.KERNEL32(?,?,00000001,00775BA3,00000000,?,?,?,?,?,?,?,?,?,00775BA3,?), ref: 00775584
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                            • String ID:
                                                                            • API String ID: 1324828854-0
                                                                            • Opcode ID: 452fb43b5b5cf18ad93a110dc9da28aaf42c90dc0b2baa4d3669602490b339e8
                                                                            • Instruction ID: 3ccd4079b70d274fd6ce114d8fc84cf863297224339c66b30ecec73445933d48
                                                                            • Opcode Fuzzy Hash: 452fb43b5b5cf18ad93a110dc9da28aaf42c90dc0b2baa4d3669602490b339e8
                                                                            • Instruction Fuzzy Hash: 7251C3709007499FDF11CFA8D845AEEBBFAEF08340F14811AF559E7291E7749A51CB60
                                                                            APIs
                                                                              • Part of subcall function 007C304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 007C307A
                                                                              • Part of subcall function 007C304E: _wcslen.LIBCMT ref: 007C309B
                                                                            • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 007C1112
                                                                            • WSAGetLastError.WSOCK32 ref: 007C1121
                                                                            • WSAGetLastError.WSOCK32 ref: 007C11C9
                                                                            • closesocket.WSOCK32(00000000), ref: 007C11F9
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                            • String ID:
                                                                            • API String ID: 2675159561-0
                                                                            • Opcode ID: 194aa18d1041240ff4b4babb9532e2cacf7295d7bfcea94792589450afb91eb4
                                                                            • Instruction ID: bd5cba04b6a6f1ecb4d0eaa204be9c5dcaf8de52f281dced591e0073678802dc
                                                                            • Opcode Fuzzy Hash: 194aa18d1041240ff4b4babb9532e2cacf7295d7bfcea94792589450afb91eb4
                                                                            • Instruction Fuzzy Hash: B641C231600209AFDB119F14C888FA9B7E9EF46324F58816DFD159B292C77CED41CBA5
                                                                            APIs
                                                                              • Part of subcall function 007ADDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,007ACF22,?), ref: 007ADDFD
                                                                              • Part of subcall function 007ADDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,007ACF22,?), ref: 007ADE16
                                                                            • lstrcmpiW.KERNEL32(?,?), ref: 007ACF45
                                                                            • MoveFileW.KERNEL32(?,?), ref: 007ACF7F
                                                                            • _wcslen.LIBCMT ref: 007AD005
                                                                            • _wcslen.LIBCMT ref: 007AD01B
                                                                            • SHFileOperationW.SHELL32(?), ref: 007AD061
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                            • String ID: \*.*
                                                                            • API String ID: 3164238972-1173974218
                                                                            • Opcode ID: 65a6104e2918cc8d8d1ce8c764075f473c7c69f620d4eda49dc5bf39040cf9fc
                                                                            • Instruction ID: ccfd7a4b8d6dd1f0359f7edcc3a936b2e0189d51ea882fb6c88fdc3b4ab4ae6e
                                                                            • Opcode Fuzzy Hash: 65a6104e2918cc8d8d1ce8c764075f473c7c69f620d4eda49dc5bf39040cf9fc
                                                                            • Instruction Fuzzy Hash: EA4166729452199FDF13EFA4C985ADEB7B9AF49380F0001E6E505EB141EB38AB44CB50
                                                                            APIs
                                                                            • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 007D2E1C
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 007D2E4F
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 007D2E84
                                                                            • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 007D2EB6
                                                                            • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 007D2EE0
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 007D2EF1
                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 007D2F0B
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: LongWindow$MessageSend
                                                                            • String ID:
                                                                            • API String ID: 2178440468-0
                                                                            • Opcode ID: 1719af54094cb34dbf0514c0c56d1895007a132691dd344af08f37d8ff85ba2d
                                                                            • Instruction ID: dd1d5e8375c694d7e54a999b0a52e176230b17cb882c62698e8b5cb144da4458
                                                                            • Opcode Fuzzy Hash: 1719af54094cb34dbf0514c0c56d1895007a132691dd344af08f37d8ff85ba2d
                                                                            • Instruction Fuzzy Hash: FC311530645141AFDB21CF18DC88FA537F4FBAA710F1441A6FA148B2B2CB75E842DB04
                                                                            APIs
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 007A7769
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 007A778F
                                                                            • SysAllocString.OLEAUT32(00000000), ref: 007A7792
                                                                            • SysAllocString.OLEAUT32(?), ref: 007A77B0
                                                                            • SysFreeString.OLEAUT32(?), ref: 007A77B9
                                                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 007A77DE
                                                                            • SysAllocString.OLEAUT32(?), ref: 007A77EC
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                            • String ID:
                                                                            • API String ID: 3761583154-0
                                                                            • Opcode ID: 58675a047b273ff965ccd49fe6b21e9b5c16d4ea72dccb88aacc5ee1fbccb13d
                                                                            • Instruction ID: ce2d7580227013bebf67ee6e0e4fd15fd6e7b27cf2123bcbb907ea123d8d73a8
                                                                            • Opcode Fuzzy Hash: 58675a047b273ff965ccd49fe6b21e9b5c16d4ea72dccb88aacc5ee1fbccb13d
                                                                            • Instruction Fuzzy Hash: D421C17660921AAFDF14DFA8CC88CFB77ACEB4A3647008226FA04DB150D678DC41C764
                                                                            APIs
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 007A7842
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 007A7868
                                                                            • SysAllocString.OLEAUT32(00000000), ref: 007A786B
                                                                            • SysAllocString.OLEAUT32 ref: 007A788C
                                                                            • SysFreeString.OLEAUT32 ref: 007A7895
                                                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 007A78AF
                                                                            • SysAllocString.OLEAUT32(?), ref: 007A78BD
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                            • String ID:
                                                                            • API String ID: 3761583154-0
                                                                            • Opcode ID: 85d99ccb53fbe856a5d780f0c470c98dfad57fa593bed6bdae0df8cedefe01b7
                                                                            • Instruction ID: 5248a629c5a84c74adf9c0b4930c2e2a8c81ace272ece9f3a4bbc00829d042ae
                                                                            • Opcode Fuzzy Hash: 85d99ccb53fbe856a5d780f0c470c98dfad57fa593bed6bdae0df8cedefe01b7
                                                                            • Instruction Fuzzy Hash: 9721A171609205AFDB149FA8DC8CDAA77ECEF4A3607108225F915CB2A5D67CDC41CB68
                                                                            APIs
                                                                            • GetStdHandle.KERNEL32(0000000C), ref: 007B04F2
                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 007B052E
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CreateHandlePipe
                                                                            • String ID: nul
                                                                            • API String ID: 1424370930-2873401336
                                                                            • Opcode ID: 4938838731f1441b90a71f141453c7eaeeab7b437c7f4b9f45c2c0a360bc070f
                                                                            • Instruction ID: e0d0077e30f11d859473e6570202cfb5ccea2bb5e5e0c45c03f18cbebda97e06
                                                                            • Opcode Fuzzy Hash: 4938838731f1441b90a71f141453c7eaeeab7b437c7f4b9f45c2c0a360bc070f
                                                                            • Instruction Fuzzy Hash: 21212BB5500206AFDB309F69DC49F9A77B4BF45724F204A19E8A1D62E0E7749960CFA0
                                                                            APIs
                                                                            • GetStdHandle.KERNEL32(000000F6), ref: 007B05C6
                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 007B0601
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CreateHandlePipe
                                                                            • String ID: nul
                                                                            • API String ID: 1424370930-2873401336
                                                                            • Opcode ID: 90708db1a67fb5e5fb5f24b2f65868800183c8b029f9b8381d9c19d2379af34f
                                                                            • Instruction ID: 1fd8f558bedb1c9f40ff188bd020b7cf155774f8d66d3d6fb09f85a041e5e2ee
                                                                            • Opcode Fuzzy Hash: 90708db1a67fb5e5fb5f24b2f65868800183c8b029f9b8381d9c19d2379af34f
                                                                            • Instruction Fuzzy Hash: 52217F755003169BDB209F698C08BDB77F4BF95724F204B19E8A1E72E0D7749860CB94
                                                                            APIs
                                                                              • Part of subcall function 0074600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0074604C
                                                                              • Part of subcall function 0074600E: GetStockObject.GDI32(00000011), ref: 00746060
                                                                              • Part of subcall function 0074600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0074606A
                                                                            • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 007D4112
                                                                            • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 007D411F
                                                                            • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 007D412A
                                                                            • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 007D4139
                                                                            • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 007D4145
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$CreateObjectStockWindow
                                                                            • String ID: Msctls_Progress32
                                                                            • API String ID: 1025951953-3636473452
                                                                            • Opcode ID: 0479a0c429c4a0ee56d46c4720e146d11c163a38299d328d6781a70b40017a9f
                                                                            • Instruction ID: 27fa139d2d521b1796a548070ea1cbc59343e05bf64b7901e0015d05c53c881e
                                                                            • Opcode Fuzzy Hash: 0479a0c429c4a0ee56d46c4720e146d11c163a38299d328d6781a70b40017a9f
                                                                            • Instruction Fuzzy Hash: EB1193B115011DBFEF119F64CC85EE77F6DEF08798F004111B718A2190C6769C21DBA4
                                                                            APIs
                                                                              • Part of subcall function 0077D7A3: _free.LIBCMT ref: 0077D7CC
                                                                            • _free.LIBCMT ref: 0077D82D
                                                                              • Part of subcall function 007729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0077D7D1,00000000,00000000,00000000,00000000,?,0077D7F8,00000000,00000007,00000000,?,0077DBF5,00000000), ref: 007729DE
                                                                              • Part of subcall function 007729C8: GetLastError.KERNEL32(00000000,?,0077D7D1,00000000,00000000,00000000,00000000,?,0077D7F8,00000000,00000007,00000000,?,0077DBF5,00000000,00000000), ref: 007729F0
                                                                            • _free.LIBCMT ref: 0077D838
                                                                            • _free.LIBCMT ref: 0077D843
                                                                            • _free.LIBCMT ref: 0077D897
                                                                            • _free.LIBCMT ref: 0077D8A2
                                                                            • _free.LIBCMT ref: 0077D8AD
                                                                            • _free.LIBCMT ref: 0077D8B8
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Similarity
                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                            • String ID:
                                                                            • API String ID: 776569668-0
                                                                            APIs
                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 007ADA74
                                                                            • LoadStringW.USER32(00000000), ref: 007ADA7B
                                                                            • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 007ADA91
                                                                            • LoadStringW.USER32(00000000), ref: 007ADA98
                                                                            • MessageBoxW.USER32(00000000,?,?,00011010), ref: 007ADADC
                                                                            Strings
                                                                            • %s (%d) : ==> %s: %s %s, xrefs: 007ADAB9
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Similarity
                                                                            • API ID: HandleLoadModuleString$Message
                                                                            • String ID: %s (%d) : ==> %s: %s %s
                                                                            • API String ID: 4072794657-3128320259
                                                                            APIs
                                                                            • InterlockedExchange.KERNEL32(011BE6B0,011BE6B0), ref: 007B097B
                                                                            • EnterCriticalSection.KERNEL32(011BE690,00000000), ref: 007B098D
                                                                            • TerminateThread.KERNEL32(?,000001F6), ref: 007B099B
                                                                            • WaitForSingleObject.KERNEL32(?,000003E8), ref: 007B09A9
                                                                            • CloseHandle.KERNEL32(?), ref: 007B09B8
                                                                            • InterlockedExchange.KERNEL32(011BE6B0,000001F6), ref: 007B09C8
                                                                            • LeaveCriticalSection.KERNEL32(011BE690), ref: 007B09CF
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Similarity
                                                                            • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                            • String ID:
                                                                            • API String ID: 3495660284-0
                                                                            APIs
                                                                            • GetClientRect.USER32(?,?), ref: 00745D30
                                                                            • GetWindowRect.USER32(?,?), ref: 00745D71
                                                                            • ScreenToClient.USER32(?,?), ref: 00745D99
                                                                            • GetClientRect.USER32(?,?), ref: 00745ED7
                                                                            • GetWindowRect.USER32(?,?), ref: 00745EF8
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Rect$Client$Window$Screen
                                                                            • String ID:
                                                                            • API String ID: 1296646539-0
                                                                            APIs
                                                                            • __allrem.LIBCMT ref: 007700BA
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007700D6
                                                                            • __allrem.LIBCMT ref: 007700ED
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0077010B
                                                                            • __allrem.LIBCMT ref: 00770122
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00770140
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                            • String ID:
                                                                            • API String ID: 1992179935-0
                                                                            APIs
                                                                              • Part of subcall function 007C3149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,007C101C,00000000,?,?,00000000), ref: 007C3195
                                                                            • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 007C1DC0
                                                                            • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 007C1DE1
                                                                            • WSAGetLastError.WSOCK32 ref: 007C1DF2
                                                                            • inet_ntoa.WSOCK32(?), ref: 007C1E8C
                                                                            • htons.WSOCK32(?,?,?,?,?), ref: 007C1EDB
                                                                            • _strlen.LIBCMT ref: 007C1F35
                                                                              • Part of subcall function 007A39E8: _strlen.LIBCMT ref: 007A39F2
                                                                              • Part of subcall function 00746D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,0075CF58,?,?,?), ref: 00746DBA
                                                                              • Part of subcall function 00746D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,0075CF58,?,?,?), ref: 00746DED
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
                                                                            • String ID:
                                                                            • API String ID: 1923757996-0
                                                                            APIs
                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,007682D9,007682D9,?,?,?,0077644F,00000001,00000001,8BE85006), ref: 00776258
                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0077644F,00000001,00000001,8BE85006,?,?,?), ref: 007762DE
                                                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 007763D8
                                                                            • __freea.LIBCMT ref: 007763E5
                                                                              • Part of subcall function 00773820: RtlAllocateHeap.NTDLL(00000000,?,00811444,?,0075FDF5,?,?,0074A976,00000010,00811440,007413FC,?,007413C6,?,00741129), ref: 00773852
                                                                            • __freea.LIBCMT ref: 007763EE
                                                                            • __freea.LIBCMT ref: 00776413
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                            • String ID:
                                                                            • API String ID: 1414292761-0
                                                                            APIs
                                                                              • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
                                                                              • Part of subcall function 007CC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,007CB6AE,?,?), ref: 007CC9B5
                                                                              • Part of subcall function 007CC998: _wcslen.LIBCMT ref: 007CC9F1
                                                                              • Part of subcall function 007CC998: _wcslen.LIBCMT ref: 007CCA68
                                                                              • Part of subcall function 007CC998: _wcslen.LIBCMT ref: 007CCA9E
                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 007CBCCA
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 007CBD25
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 007CBD6A
                                                                            • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 007CBD99
                                                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 007CBDF3
                                                                            • RegCloseKey.ADVAPI32(?), ref: 007CBDFF
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Similarity
                                                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                            • String ID:
                                                                            • API String ID: 1120388591-0
                                                                            APIs
                                                                            • VariantInit.OLEAUT32(00000035), ref: 0079F7B9
                                                                            • SysAllocString.OLEAUT32(00000001), ref: 0079F860
                                                                            • VariantCopy.OLEAUT32(0079FA64,00000000), ref: 0079F889
                                                                            • VariantClear.OLEAUT32(0079FA64), ref: 0079F8AD
                                                                            • VariantCopy.OLEAUT32(0079FA64,00000000), ref: 0079F8B1
                                                                            • VariantClear.OLEAUT32(?), ref: 0079F8BB
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Variant$ClearCopy$AllocInitString
                                                                            • String ID:
                                                                            • API String ID: 3859894641-0
                                                                            APIs
                                                                              • Part of subcall function 00747620: _wcslen.LIBCMT ref: 00747625
                                                                              • Part of subcall function 00746B57: _wcslen.LIBCMT ref: 00746B6A
                                                                            • GetOpenFileNameW.COMDLG32(00000058), ref: 007B94E5
                                                                            • _wcslen.LIBCMT ref: 007B9506
                                                                            • _wcslen.LIBCMT ref: 007B952D
                                                                            • GetSaveFileNameW.COMDLG32(00000058), ref: 007B9585
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _wcslen$FileName$OpenSave
                                                                            • String ID: X
                                                                            • API String ID: 83654149-3081909835
                                                                            APIs
                                                                              • Part of subcall function 00759BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00759BB2
                                                                            • BeginPaint.USER32(?,?,?), ref: 00759241
                                                                            • GetWindowRect.USER32(?,?), ref: 007592A5
                                                                            • ScreenToClient.USER32(?,?), ref: 007592C2
                                                                            • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 007592D3
                                                                            • EndPaint.USER32(?,?,?,?,?), ref: 00759321
                                                                            • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 007971EA
                                                                              • Part of subcall function 00759339: BeginPath.GDI32(00000000), ref: 00759357
                                                                            Similarity
                                                                            • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                            • String ID:
                                                                            • API String ID: 3050599898-0
                                                                            APIs
                                                                            • InterlockedExchange.KERNEL32(?,000001F5), ref: 007B080C
                                                                            • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 007B0847
                                                                            • EnterCriticalSection.KERNEL32(?), ref: 007B0863
                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 007B08DC
                                                                            • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 007B08F3
                                                                            • InterlockedExchange.KERNEL32(?,000001F6), ref: 007B0921
                                                                            Similarity
                                                                            • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                            • String ID:
                                                                            • API String ID: 3368777196-0
                                                                            APIs
                                                                            • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0079F3AB,00000000,?,?,00000000,?,0079682C,00000004,00000000,00000000), ref: 007D824C
                                                                            • EnableWindow.USER32(?,00000000), ref: 007D8272
                                                                            • ShowWindow.USER32(FFFFFFFF,00000000), ref: 007D82D1
                                                                            • ShowWindow.USER32(?,00000004), ref: 007D82E5
                                                                            • EnableWindow.USER32(?,00000001), ref: 007D830B
                                                                            • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 007D832F
                                                                            Similarity
                                                                            • API ID: Window$Show$Enable$MessageSend
                                                                            • String ID:
                                                                            • API String ID: 642888154-0
                                                                            APIs
                                                                            • IsWindowVisible.USER32(?), ref: 007A4C95
                                                                            • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 007A4CB2
                                                                            • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 007A4CEA
                                                                            • _wcslen.LIBCMT ref: 007A4D08
                                                                            • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 007A4D10
                                                                            • _wcsstr.LIBVCRUNTIME ref: 007A4D1A
                                                                            Similarity
                                                                            • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                            • String ID:
                                                                            • API String ID: 72514467-0
                                                                            APIs
                                                                              • Part of subcall function 00743AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00743A97,?,?,00742E7F,?,?,?,00000000), ref: 00743AC2
                                                                            • _wcslen.LIBCMT ref: 007B587B
                                                                            • CoInitialize.OLE32(00000000), ref: 007B5995
                                                                            • CoCreateInstance.OLE32(007DFCF8,00000000,00000001,007DFB68,?), ref: 007B59AE
                                                                            • CoUninitialize.OLE32 ref: 007B59CC
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                            • String ID: .lnk
                                                                            • API String ID: 3172280962-24824748
                                                                            APIs
                                                                              • Part of subcall function 007A0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 007A0FCA
                                                                              • Part of subcall function 007A0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 007A0FD6
                                                                              • Part of subcall function 007A0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 007A0FE5
                                                                              • Part of subcall function 007A0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 007A0FEC
                                                                              • Part of subcall function 007A0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 007A1002
                                                                            • GetLengthSid.ADVAPI32(?,00000000,007A1335), ref: 007A17AE
                                                                            • GetProcessHeap.KERNEL32(00000008,00000000), ref: 007A17BA
                                                                            • HeapAlloc.KERNEL32(00000000), ref: 007A17C1
                                                                            • CopySid.ADVAPI32(00000000,00000000,?), ref: 007A17DA
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,007A1335), ref: 007A17EE
                                                                            • HeapFree.KERNEL32(00000000), ref: 007A17F5
                                                                            Similarity
                                                                            • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                            • String ID:
                                                                            • API String ID: 3008561057-0
                                                                            APIs
                                                                            • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 007A14FF
                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 007A1506
                                                                            • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 007A1515
                                                                            • CloseHandle.KERNEL32(00000004), ref: 007A1520
                                                                            • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 007A154F
                                                                            • DestroyEnvironmentBlock.USERENV(00000000), ref: 007A1563
                                                                            Similarity
                                                                            • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                            • String ID:
                                                                            • API String ID: 1413079979-0
                                                                            APIs
                                                                            • GetLastError.KERNEL32(?,?,00763379,00762FE5), ref: 00763390
                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0076339E
                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 007633B7
                                                                            • SetLastError.KERNEL32(00000000,?,00763379,00762FE5), ref: 00763409
                                                                            Similarity
                                                                            • API ID: ErrorLastValue___vcrt_
                                                                            • String ID:
                                                                            • API String ID: 3852720340-0
                                                                            • Opcode ID: f264041a1f67e7fd8a2b7d155f0118dd13c3262dabe85d77e7cde7708c6162f3
                                                                            • Instruction ID: c8625e191a724a4dac0f39b2089509390c96a1e1cc35d7d86ad191ab87b35c56
                                                                            • Opcode Fuzzy Hash: f264041a1f67e7fd8a2b7d155f0118dd13c3262dabe85d77e7cde7708c6162f3
                                                                            • Instruction Fuzzy Hash: 8C01F733609711FEEA252B75BC895672FA4FB05379720432AFD13852F1EF194D11D544
                                                                            APIs
                                                                            • GetLastError.KERNEL32(?,?,00775686,00783CD6,?,00000000,?,00775B6A,?,?,?,?,?,0076E6D1,?,00808A48), ref: 00772D78
                                                                            • _free.LIBCMT ref: 00772DAB
                                                                            • _free.LIBCMT ref: 00772DD3
                                                                            • SetLastError.KERNEL32(00000000,?,?,?,?,0076E6D1,?,00808A48,00000010,00744F4A,?,?,00000000,00783CD6), ref: 00772DE0
                                                                            • SetLastError.KERNEL32(00000000,?,?,?,?,0076E6D1,?,00808A48,00000010,00744F4A,?,?,00000000,00783CD6), ref: 00772DEC
                                                                            • _abort.LIBCMT ref: 00772DF2
                                                                             Similarity
                                                                             • API ID: ErrorLast$_free$_abort
                                                                             • String ID:
                                                                             • API String ID: 3160817290-0
                                                                            APIs
                                                                              • Part of subcall function 00759639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00759693
                                                                              • Part of subcall function 00759639: SelectObject.GDI32(?,00000000), ref: 007596A2
                                                                              • Part of subcall function 00759639: BeginPath.GDI32(?), ref: 007596B9
                                                                              • Part of subcall function 00759639: SelectObject.GDI32(?,00000000), ref: 007596E2
                                                                            • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 007D8A4E
                                                                            • LineTo.GDI32(?,00000003,00000000), ref: 007D8A62
                                                                            • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 007D8A70
                                                                            • LineTo.GDI32(?,00000000,00000003), ref: 007D8A80
                                                                            • EndPath.GDI32(?), ref: 007D8A90
                                                                            • StrokePath.GDI32(?), ref: 007D8AA0
                                                                             Similarity
                                                                             • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                             • String ID:
                                                                             • API String ID: 43455801-0
                                                                            APIs
                                                                            • GetDC.USER32(00000000), ref: 007A5218
                                                                            • GetDeviceCaps.GDI32(00000000,00000058), ref: 007A5229
                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 007A5230
                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 007A5238
                                                                            • MulDiv.KERNEL32(000009EC,?,00000000), ref: 007A524F
                                                                            • MulDiv.KERNEL32(000009EC,00000001,?), ref: 007A5261
                                                                             Similarity
                                                                             • API ID: CapsDevice$Release
                                                                             • String ID:
                                                                             • API String ID: 1035833867-0
                                                                            APIs
                                                                            • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00741BF4
                                                                            • MapVirtualKeyW.USER32(00000010,00000000), ref: 00741BFC
                                                                            • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00741C07
                                                                            • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00741C12
                                                                            • MapVirtualKeyW.USER32(00000011,00000000), ref: 00741C1A
                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00741C22
                                                                             Similarity
                                                                             • API ID: Virtual
                                                                             • String ID:
                                                                             • API String ID: 4278518827-0
                                                                            APIs
                                                                            • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 007AEB30
                                                                            • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 007AEB46
                                                                            • GetWindowThreadProcessId.USER32(?,?), ref: 007AEB55
                                                                            • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 007AEB64
                                                                            • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 007AEB6E
                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 007AEB75
                                                                             Similarity
                                                                             • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                             • String ID:
                                                                             • API String ID: 839392675-0
                                                                            APIs
                                                                            • GetClientRect.USER32(?), ref: 00797452
                                                                            • SendMessageW.USER32(?,00001328,00000000,?), ref: 00797469
                                                                            • GetWindowDC.USER32(?), ref: 00797475
                                                                            • GetPixel.GDI32(00000000,?,?), ref: 00797484
                                                                            • ReleaseDC.USER32(?,00000000), ref: 00797496
                                                                            • GetSysColor.USER32(00000005), ref: 007974B0
                                                                             Similarity
                                                                             • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                             • String ID:
                                                                             • API String ID: 272304278-0
                                                                            APIs
                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 007A187F
                                                                            • UnloadUserProfile.USERENV(?,?), ref: 007A188B
                                                                            • CloseHandle.KERNEL32(?), ref: 007A1894
                                                                            • CloseHandle.KERNEL32(?), ref: 007A189C
                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 007A18A5
                                                                            • HeapFree.KERNEL32(00000000), ref: 007A18AC
                                                                             Similarity
                                                                             • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                             • String ID:
                                                                             • API String ID: 146765662-0
                                                                            APIs
                                                                              • Part of subcall function 00760242: EnterCriticalSection.KERNEL32(0081070C,00811884,?,?,0075198B,00812518,?,?,?,007412F9,00000000), ref: 0076024D
                                                                              • Part of subcall function 00760242: LeaveCriticalSection.KERNEL32(0081070C,?,0075198B,00812518,?,?,?,007412F9,00000000), ref: 0076028A
                                                                              • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
                                                                              • Part of subcall function 007600A3: __onexit.LIBCMT ref: 007600A9
                                                                            • __Init_thread_footer.LIBCMT ref: 007C7BFB
                                                                              • Part of subcall function 007601F8: EnterCriticalSection.KERNEL32(0081070C,?,?,00758747,00812514), ref: 00760202
                                                                              • Part of subcall function 007601F8: LeaveCriticalSection.KERNEL32(0081070C,?,00758747,00812514), ref: 00760235
                                                                            Strings
                                                                             Similarity
                                                                             • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                             • String ID: +Ty$5$G$Variable must be of type 'Object'.
                                                                             • API String ID: 535116098-3104342744
                                                                            APIs
                                                                              • Part of subcall function 00747620: _wcslen.LIBCMT ref: 00747625
                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 007AC6EE
                                                                            • _wcslen.LIBCMT ref: 007AC735
                                                                            • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 007AC79C
                                                                            • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 007AC7CA
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ItemMenu$Info_wcslen$Default
                                                                            • String ID: 0
                                                                            • API String ID: 1227352736-4108050209
                                                                            APIs
                                                                            • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 007A7206
                                                                            • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 007A723C
                                                                            • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 007A724D
                                                                            • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 007A72CF
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ErrorMode$AddressCreateInstanceProc
                                                                            • String ID: DllGetClassObject
                                                                            • API String ID: 753597075-1075368562
                                                                            APIs
                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 007D3E35
                                                                            • IsMenu.USER32(?), ref: 007D3E4A
                                                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 007D3E92
                                                                            • DrawMenuBar.USER32 ref: 007D3EA5
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Menu$Item$DrawInfoInsert
                                                                            • String ID: 0
                                                                            • API String ID: 3076010158-4108050209
                                                                            APIs
                                                                              • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
                                                                              • Part of subcall function 007A3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 007A3CCA
                                                                            • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 007A1E66
                                                                            • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 007A1E79
                                                                            • SendMessageW.USER32(?,00000189,?,00000000), ref: 007A1EA9
                                                                              • Part of subcall function 00746B57: _wcslen.LIBCMT ref: 00746B6A
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$_wcslen$ClassName
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 2081771294-1403004172
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _wcslen
                                                                            • String ID: HKEY_LOCAL_MACHINE$HKLM
                                                                            • API String ID: 176396367-4004644295
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 007D2F8D
                                                                            • LoadLibraryW.KERNEL32(?), ref: 007D2F94
                                                                            • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 007D2FA9
                                                                            • DestroyWindow.USER32(?), ref: 007D2FB1
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                            • String ID: SysAnimate32
                                                                            • API String ID: 3529120543-1011021900
                                                                            APIs
                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00764D1E,007728E9,?,00764CBE,007728E9,008088B8,0000000C,00764E15,007728E9,00000002), ref: 00764D8D
                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00764DA0
                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00764D1E,007728E9,?,00764CBE,007728E9,008088B8,0000000C,00764E15,007728E9,00000002,00000000), ref: 00764DC3
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                            • API String ID: 4061214504-1276376045
                                                                            APIs
                                                                            • LoadLibraryA.KERNEL32 ref: 0079D3AD
                                                                            • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0079D3BF
                                                                            • FreeLibrary.KERNEL32(00000000), ref: 0079D3E5
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Library$AddressFreeLoadProc
                                                                            • String ID: GetSystemWow64DirectoryW$X64
                                                                            • API String ID: 145871493-2590602151
                                                                            APIs
                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00744EDD,?,00811418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00744E9C
                                                                            • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00744EAE
                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00744EDD,?,00811418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00744EC0
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Library$AddressFreeLoadProc
                                                                            • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                            • API String ID: 145871493-3689287502
                                                                            APIs
                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00783CDE,?,00811418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00744E62
                                                                            • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00744E74
                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00783CDE,?,00811418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00744E87
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Library$AddressFreeLoadProc
                                                                            • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                            • API String ID: 145871493-1355242751
                                                                            APIs
                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 007B2C05
                                                                            • DeleteFileW.KERNEL32(?), ref: 007B2C87
                                                                            • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 007B2C9D
                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 007B2CAE
                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 007B2CC0
                                                                            Similarity
                                                                            • API ID: File$Delete$Copy
                                                                            • String ID:
                                                                            • API String ID: 3226157194-0
                                                                            • Opcode ID: 79859691fcc86b40603e067512de47257aeb533c636548ab608dec8a215908ef
                                                                            • Instruction ID: b1f01462a2f64032fe0b3e4c560106ca4b19abf41ca3214b877487e1e1460c53
                                                                            • Opcode Fuzzy Hash: 79859691fcc86b40603e067512de47257aeb533c636548ab608dec8a215908ef
                                                                            • Instruction Fuzzy Hash: BAB14072D01119EBDF21DBA4CC89EDE7B7DEF48350F1040A6FA09E6152EB389A458F61
                                                                            APIs
                                                                            • GetCurrentProcessId.KERNEL32 ref: 007CA427
                                                                            • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 007CA435
                                                                            • GetProcessIoCounters.KERNEL32(00000000,?), ref: 007CA468
                                                                            • CloseHandle.KERNEL32(?), ref: 007CA63D
                                                                            Similarity
                                                                            • API ID: Process$CloseCountersCurrentHandleOpen
                                                                            • String ID:
                                                                            • API String ID: 3488606520-0
                                                                            • Opcode ID: 6a64d554fb2bd548c9ad55f050a82d53bb6e274951af242af4aa57534bc5cf95
                                                                            • Instruction ID: 51c3b47ef97d330027a1c9012c008b4d4c195774e89c2a1a284a88ae56205a51
                                                                            • Opcode Fuzzy Hash: 6a64d554fb2bd548c9ad55f050a82d53bb6e274951af242af4aa57534bc5cf95
                                                                            • Instruction Fuzzy Hash: 13A1C071604301AFD720DF24C886F2AB7E1AF84714F14881DF95A9B392D7B9EC45CB82
                                                                            APIs
                                                                              • Part of subcall function 007ADDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,007ACF22,?), ref: 007ADDFD
                                                                              • Part of subcall function 007ADDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,007ACF22,?), ref: 007ADE16
                                                                              • Part of subcall function 007AE199: GetFileAttributesW.KERNEL32(?,007ACF95), ref: 007AE19A
                                                                            • lstrcmpiW.KERNEL32(?,?), ref: 007AE473
                                                                            • MoveFileW.KERNEL32(?,?), ref: 007AE4AC
                                                                            • _wcslen.LIBCMT ref: 007AE5EB
                                                                            • _wcslen.LIBCMT ref: 007AE603
                                                                            • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 007AE650
                                                                            Similarity
                                                                            • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                            • String ID:
                                                                            • API String ID: 3183298772-0
                                                                            • Opcode ID: d0005f1088ffdc18f89bf75329e58c71bd7877473e3fcbe6f1c0b5a935b696ae
                                                                            • Instruction ID: b735e0d4809d54d457c57c215005b772ea8894a44b99e25dad0f44238a786d0a
                                                                            • Opcode Fuzzy Hash: d0005f1088ffdc18f89bf75329e58c71bd7877473e3fcbe6f1c0b5a935b696ae
                                                                            • Instruction Fuzzy Hash: BF5153B25083859BC724DBA4DC859DBB3ECAFC5340F004A1EF689D3151EF78A6888766
                                                                            APIs
                                                                              • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
                                                                              • Part of subcall function 007CC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,007CB6AE,?,?), ref: 007CC9B5
                                                                              • Part of subcall function 007CC998: _wcslen.LIBCMT ref: 007CC9F1
                                                                              • Part of subcall function 007CC998: _wcslen.LIBCMT ref: 007CCA68
                                                                              • Part of subcall function 007CC998: _wcslen.LIBCMT ref: 007CCA9E
                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 007CBAA5
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 007CBB00
                                                                            • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 007CBB63
                                                                            • RegCloseKey.ADVAPI32(?,?), ref: 007CBBA6
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 007CBBB3
                                                                            Similarity
                                                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                            • String ID:
                                                                            • API String ID: 826366716-0
                                                                            • Opcode ID: d6011a14d4c4871c4ea7cf1ed9517e7829d7d7391c827fad029244aef2c084c6
                                                                            • Instruction ID: 42a35cc8ed97fc9793313aceebe5547b8cbf2ef7510729fabd3bda86e4cb55d4
                                                                            • Opcode Fuzzy Hash: d6011a14d4c4871c4ea7cf1ed9517e7829d7d7391c827fad029244aef2c084c6
                                                                            • Instruction Fuzzy Hash: 4B616A71208241EFD714DF24C895F2ABBE5BF84308F14855DF4998B2A2DB39ED45CB92
                                                                            APIs
                                                                            • VariantInit.OLEAUT32(?), ref: 007A8BCD
                                                                            • VariantClear.OLEAUT32 ref: 007A8C3E
                                                                            • VariantClear.OLEAUT32 ref: 007A8C9D
                                                                            • VariantClear.OLEAUT32(?), ref: 007A8D10
                                                                            • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 007A8D3B
                                                                            Similarity
                                                                            • API ID: Variant$Clear$ChangeInitType
                                                                            • String ID:
                                                                            • API String ID: 4136290138-0
                                                                            • Opcode ID: 10cb533c91ec0149581d1a8063b87d786ad21f230b6baec95952054d06ffd88a
                                                                            • Instruction ID: 72a3dc3865a3ba5369ca2456bd9640de8d9b776be38fe8032744e0ae30d5ca49
                                                                            • Opcode Fuzzy Hash: 10cb533c91ec0149581d1a8063b87d786ad21f230b6baec95952054d06ffd88a
                                                                            • Instruction Fuzzy Hash: 8F515AB5A00219EFCB14CF68C894AAABBF8FF8D310B158559E915DB350E734E911CFA0
                                                                            APIs
                                                                            • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 007B8BAE
                                                                            • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 007B8BDA
                                                                            • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 007B8C32
                                                                            • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 007B8C57
                                                                            • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 007B8C5F
                                                                            Similarity
                                                                            • API ID: PrivateProfile$SectionWrite$String
                                                                            • String ID:
                                                                            • API String ID: 2832842796-0
                                                                            • Opcode ID: c3c898aa015d229c8768a1d7b9d7df490a2b5ca988102f2963fe61cfe729fe5b
                                                                            • Instruction ID: 310984efff1746431467b8313e459f53787c9dcc1640f92685b0648672939474
                                                                            • Opcode Fuzzy Hash: c3c898aa015d229c8768a1d7b9d7df490a2b5ca988102f2963fe61cfe729fe5b
                                                                            • Instruction Fuzzy Hash: 13515D75A00215DFCB05DF64C885AADBBF5FF48314F088499E849AB362CB39ED51CBA1
                                                                            APIs
                                                                            • LoadLibraryW.KERNEL32(?,00000000,?), ref: 007C8F40
                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 007C8FD0
                                                                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 007C8FEC
                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 007C9032
                                                                            • FreeLibrary.KERNEL32(00000000), ref: 007C9052
                                                                              • Part of subcall function 0075F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,007B1043,?,753CE610), ref: 0075F6E6
                                                                              • Part of subcall function 0075F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0079FA64,00000000,00000000,?,?,007B1043,?,753CE610,?,0079FA64), ref: 0075F70D
                                                                            Similarity
                                                                            • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                            • String ID:
                                                                            • API String ID: 666041331-0
                                                                            • Opcode ID: 638eb81ec4a69e281646d7bcc9fc0338e84b36c033590081f68524b22d6ca849
                                                                            • Instruction ID: 846cd510ca1f02b253d49bd22f3b50ec85f1b22b26fa364ed65382fe08b53013
                                                                            • Opcode Fuzzy Hash: 638eb81ec4a69e281646d7bcc9fc0338e84b36c033590081f68524b22d6ca849
                                                                            • Instruction Fuzzy Hash: 2F512A35601205DFC755DF58C488DADBBB1FF49314B08809DE909AB362DB39ED85CB91
                                                                            APIs
                                                                            • SetWindowLongW.USER32(00000002,000000F0,?), ref: 007D6C33
                                                                            • SetWindowLongW.USER32(?,000000EC,?), ref: 007D6C4A
                                                                            • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 007D6C73
                                                                            • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,007BAB79,00000000,00000000), ref: 007D6C98
                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 007D6CC7
                                                                            Similarity
                                                                            • API ID: Window$Long$MessageSendShow
                                                                            • String ID:
                                                                            • API String ID: 3688381893-0
                                                                            • Opcode ID: b7da0600c87fcd4e02dbc6fbbac7de7ca996dc89a412ce1749cd32779ee2fa0a
                                                                            • Instruction ID: 3b30266c3a92b81999554906aa459b40519381fcfb799c49d2475dcc24d48410
                                                                            • Opcode Fuzzy Hash: b7da0600c87fcd4e02dbc6fbbac7de7ca996dc89a412ce1749cd32779ee2fa0a
                                                                            • Instruction Fuzzy Hash: 2D41D075A10104AFDB25CF28CD58FA97BB5EB09360F14426AF999A73E0C379FD40CA60
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: _free
                                                                            • String ID:
                                                                            • API String ID: 269201875-0
                                                                            • Opcode ID: 1dd8d4c596ac4efbc96c4fb2ea4058a4d08dc18627d41db69bc1ddfa7735e7cb
                                                                            • Instruction ID: c9e01edec0e2cd25a8ea6c897854466f40b8ac5d9f8bca726f9265f24b8348b9
                                                                            • Opcode Fuzzy Hash: 1dd8d4c596ac4efbc96c4fb2ea4058a4d08dc18627d41db69bc1ddfa7735e7cb
                                                                            • Instruction Fuzzy Hash: 5841D432A00204DFCF20DF78C885A5DB3E5FF89354F1585A8E929EB352D635AD02CB91
                                                                            APIs
                                                                            • GetCursorPos.USER32(?), ref: 00759141
                                                                            • ScreenToClient.USER32(00000000,?), ref: 0075915E
                                                                            • GetAsyncKeyState.USER32(00000001), ref: 00759183
                                                                            • GetAsyncKeyState.USER32(00000002), ref: 0075919D
                                                                            Similarity
                                                                            • API ID: AsyncState$ClientCursorScreen
                                                                            • String ID:
                                                                            • API String ID: 4210589936-0
                                                                            • Opcode ID: fc898820894bad8e10dcb1251edfd00f6e423518e54488a647ae38ffc2ca4402
                                                                            • Instruction ID: f6b50a7550361e590c7a10a6968d02ef67b70fc9e7bf1e3283e35a50b30a08d6
                                                                            • Opcode Fuzzy Hash: fc898820894bad8e10dcb1251edfd00f6e423518e54488a647ae38ffc2ca4402
                                                                            • Instruction Fuzzy Hash: 1041903190861BFBDF099F68D848BEEB774FB45321F208216E929A3290C7785D54CB51
                                                                            APIs
                                                                            • GetInputState.USER32 ref: 007B38CB
                                                                            • TranslateAcceleratorW.USER32(?,00000000,?), ref: 007B3922
                                                                            • TranslateMessage.USER32(?), ref: 007B394B
                                                                            • DispatchMessageW.USER32(?), ref: 007B3955
                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 007B3966
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                            • String ID:
                                                                            • API String ID: 2256411358-0
                                                                            • Opcode ID: c064d3c66c2ff504389d6af6bb30713e89c4566319f72fad43059748f752dea3
                                                                            • Instruction ID: 1c4a0c3e1b291ad0be3524edbe05630f92a6f0af156ba6c91ee2b2f80d10d9ef
                                                                            • Opcode Fuzzy Hash: c064d3c66c2ff504389d6af6bb30713e89c4566319f72fad43059748f752dea3
                                                                            • Instruction Fuzzy Hash: 93318670504342EEEF25CB34984CBF67BA8AF05308F14856EE566C21A0E7BCB6C5CB21
                                                                            APIs
                                                                            • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 007BCF38
                                                                            • InternetReadFile.WININET(?,00000000,?,?), ref: 007BCF6F
                                                                            • GetLastError.KERNEL32(?,00000000,?,?,?,007BC21E,00000000), ref: 007BCFB4
                                                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,007BC21E,00000000), ref: 007BCFC8
                                                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,007BC21E,00000000), ref: 007BCFF2
                                                                            Similarity
                                                                            • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                            • String ID:
                                                                            • API String ID: 3191363074-0
                                                                            • Opcode ID: 7c262abdb8977dc06abefdb0afec4e21d5c3429512f3504959b989eddc73b0d3
                                                                            • Instruction ID: bb671d7bc203ebd3763e6f3ec239edd13ea4cdd7fc5aa7d2955490c5376e2c4b
                                                                            • Opcode Fuzzy Hash: 7c262abdb8977dc06abefdb0afec4e21d5c3429512f3504959b989eddc73b0d3
                                                                            • Instruction Fuzzy Hash: 92315072600206EFDB21DFA5C884AFBBBF9EB14351B10846EF506D2140D738EE41DB60
                                                                            APIs
                                                                            • GetWindowRect.USER32(?,?), ref: 007A1915
                                                                            • PostMessageW.USER32(00000001,00000201,00000001), ref: 007A19C1
                                                                            • Sleep.KERNEL32(00000000,?,?,?), ref: 007A19C9
                                                                            • PostMessageW.USER32(00000001,00000202,00000000), ref: 007A19DA
                                                                            • Sleep.KERNEL32(00000000,?,?,?,?), ref: 007A19E2
                                                                            Similarity
                                                                            • API ID: MessagePostSleep$RectWindow
                                                                            • String ID:
                                                                            • API String ID: 3382505437-0
                                                                            • Opcode ID: 493cd11a47f637d37d13cad40863b0fe66c1a07e5473a7a278bf917c3ddbd977
                                                                            • Instruction ID: eb66a14c403c1d64585205c35cbf5553cbaaa476c8f395ad53bb4b2f21d4be5d
                                                                            • Opcode Fuzzy Hash: 493cd11a47f637d37d13cad40863b0fe66c1a07e5473a7a278bf917c3ddbd977
                                                                            • Instruction Fuzzy Hash: 0E31BF72A00259EFDB04CFA8CD99ADE3BB5EB45315F108329F961AB2D1C774AD44CB90
                                                                            APIs
                                                                            • SendMessageW.USER32(?,00001053,000000FF,?), ref: 007D5745
                                                                            • SendMessageW.USER32(?,00001074,?,00000001), ref: 007D579D
                                                                            • _wcslen.LIBCMT ref: 007D57AF
                                                                            • _wcslen.LIBCMT ref: 007D57BA
                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 007D5816
                                                                            Similarity
                                                                            • API ID: MessageSend$_wcslen
                                                                            • String ID:
                                                                            • API String ID: 763830540-0
                                                                            • Opcode ID: 066b117a34b187929338077c8bc9ab5c1e0a15044b41f524eff6ab98dc54e444
                                                                            • Instruction ID: 59a5c017087467c37d0f6c3eb66f3263d3ea737e346978f36d22cf945e23da68
                                                                            • Opcode Fuzzy Hash: 066b117a34b187929338077c8bc9ab5c1e0a15044b41f524eff6ab98dc54e444
                                                                            • Instruction Fuzzy Hash: 81218271904618EBDB209FA4CC89EEE77B8FF04724F108257E929EA280D7789985CF51
                                                                            APIs
                                                                            • IsWindow.USER32(00000000), ref: 007C0951
                                                                            • GetForegroundWindow.USER32 ref: 007C0968
                                                                            • GetDC.USER32(00000000), ref: 007C09A4
                                                                            • GetPixel.GDI32(00000000,?,00000003), ref: 007C09B0
                                                                            • ReleaseDC.USER32(00000000,00000003), ref: 007C09E8
                                                                            Similarity
                                                                            • API ID: Window$ForegroundPixelRelease
                                                                            • String ID:
                                                                            • API String ID: 4156661090-0
                                                                            • Opcode ID: 3e8a5ee2a11086734a5546ab7033ec627e138d4b2e9ed740ae05bbe5965270a8
                                                                            • Instruction ID: 48434624ef6f6de0898c4e50a8d998b1cf037b9c0b0c30ac29818accd8008a89
                                                                            • Opcode Fuzzy Hash: 3e8a5ee2a11086734a5546ab7033ec627e138d4b2e9ed740ae05bbe5965270a8
                                                                            • Instruction Fuzzy Hash: 48214C35600214EFD704EF65C888AAEBBF5EB48700B04806DE84A97352DB38EC04CB90
                                                                            APIs
                                                                            • GetEnvironmentStringsW.KERNEL32 ref: 0077CDC6
                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0077CDE9
                                                                              • Part of subcall function 00773820: RtlAllocateHeap.NTDLL(00000000,?,00811444,?,0075FDF5,?,?,0074A976,00000010,00811440,007413FC,?,007413C6,?,00741129), ref: 00773852
                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0077CE0F
                                                                            • _free.LIBCMT ref: 0077CE22
                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0077CE31
                                                                            Similarity
                                                                            • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                            • String ID:
                                                                            • API String ID: 336800556-0
                                                                            • Opcode ID: 531cb8bbae37e107b4bcbcfcc2481826c02cb1fb7ae583641e6267f42cbd76f2
                                                                            • Instruction ID: 89d20b4701306ddfe3ae0a883392f63016c010cff07d4c67e7b2390c29696707
                                                                            • Opcode Fuzzy Hash: 531cb8bbae37e107b4bcbcfcc2481826c02cb1fb7ae583641e6267f42cbd76f2
                                                                            • Instruction Fuzzy Hash: 8001D8726026157F2F2316B66C4CC7B6A6DDFCABE1315812EF909C7101DAA98D0281B5
                                                                            APIs
                                                                            • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00759693
                                                                            • SelectObject.GDI32(?,00000000), ref: 007596A2
                                                                            • BeginPath.GDI32(?), ref: 007596B9
                                                                            • SelectObject.GDI32(?,00000000), ref: 007596E2
                                                                            Similarity
                                                                            • API ID: ObjectSelect$BeginCreatePath
                                                                            • String ID:
                                                                            • API String ID: 3225163088-0
                                                                            • Opcode ID: 74c0d9d35672d2e434356e148574f8dcc511d822cf8bc99b51331019d84317a8
                                                                            • Instruction ID: b9f903910a8fe1c36aa3605f6ba4acb79954afc5aff3f44b63de2491944b40ff
                                                                            • Opcode Fuzzy Hash: 74c0d9d35672d2e434356e148574f8dcc511d822cf8bc99b51331019d84317a8
                                                                            • Instruction Fuzzy Hash: 93217170802306EBDF119F24EC197E97FB9FF00316F508216FA20A61A0D3B95859CF94
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: _memcmp
                                                                            • String ID:
                                                                            • API String ID: 2931989736-0
                                                                            • Opcode ID: 8a831e1e49c872f0ce92cb2af8d97dcfb70ba1f31624919bdd85a73593f20c7d
                                                                            • Instruction ID: f8002dba41ab0f267e1e6c2dd6844c307dcb8a4fc8f4ed2341b8c6e60a6e59b0
                                                                            • Opcode Fuzzy Hash: 8a831e1e49c872f0ce92cb2af8d97dcfb70ba1f31624919bdd85a73593f20c7d
                                                                            • Instruction Fuzzy Hash: 0501F5A1241A09FBD21C92219D86FBB735C9BA23A4F444122FD1BBA341F72CED1082B0
                                                                            APIs
                                                                            • GetLastError.KERNEL32(?,?,?,0076F2DE,00773863,00811444,?,0075FDF5,?,?,0074A976,00000010,00811440,007413FC,?,007413C6), ref: 00772DFD
                                                                            • _free.LIBCMT ref: 00772E32
                                                                            • _free.LIBCMT ref: 00772E59
                                                                            • SetLastError.KERNEL32(00000000,00741129), ref: 00772E66
                                                                            • SetLastError.KERNEL32(00000000,00741129), ref: 00772E6F
                                                                            Similarity
                                                                            • API ID: ErrorLast$_free
                                                                            • String ID:
                                                                            • API String ID: 3170660625-0
                                                                            • Opcode ID: 282a26ec36a7fab1dd7a91e2af018d828cf038d2c0c66be3baca3b1a9475495b
                                                                            • Instruction ID: 3548594e659b2899bb8c95a2ddb83d7eb5514fdbf64621cc35d94c86dfd1792e
                                                                            • Opcode Fuzzy Hash: 282a26ec36a7fab1dd7a91e2af018d828cf038d2c0c66be3baca3b1a9475495b
                                                                            • Instruction Fuzzy Hash: 5901F432205600BBCE1327346C4ED2B266DBBC57E5B24C129F83DA22E3EFAC8C434421
                                                                            APIs
                                                                            • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0079FF41,80070057,?,?,?,007A035E), ref: 007A002B
                                                                            • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0079FF41,80070057,?,?), ref: 007A0046
                                                                            • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0079FF41,80070057,?,?), ref: 007A0054
                                                                            • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0079FF41,80070057,?), ref: 007A0064
                                                                            • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0079FF41,80070057,?,?), ref: 007A0070
                                                                            Similarity
                                                                            • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                            • String ID:
                                                                            • API String ID: 3897988419-0
                                                                            • Opcode ID: d19e2d3d4436644ca79fd5b791854b2ce1c20caa7437a4d52a26fd58d51a9dd2
                                                                            • Instruction ID: 3217f0976690e85e0fb22397107705003825099b3464cd411834b3bfed4edd8e
                                                                            • Opcode Fuzzy Hash: d19e2d3d4436644ca79fd5b791854b2ce1c20caa7437a4d52a26fd58d51a9dd2
                                                                            • Instruction Fuzzy Hash: 6A01DF76601205BFDB114F68DC08FAB7BBEEB84351F108625F901D6210D778CD00EBA0
                                                                            APIs
                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 007AE997
                                                                            • QueryPerformanceFrequency.KERNEL32(?), ref: 007AE9A5
                                                                            • Sleep.KERNEL32(00000000), ref: 007AE9AD
                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 007AE9B7
                                                                            • Sleep.KERNEL32 ref: 007AE9F3
                                                                            Similarity
                                                                            • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                            • String ID:
                                                                            • API String ID: 2833360925-0
                                                                            • Opcode ID: 537517cc9c454c83b5fc71c2e54b85907e0be5c97ff39865ba68da9605efa035
                                                                            • Instruction ID: 2ceacb55be12da6046ba219f16c621fd383f562b6c0b048addb6b1e82ee7b437
                                                                            • Opcode Fuzzy Hash: 537517cc9c454c83b5fc71c2e54b85907e0be5c97ff39865ba68da9605efa035
                                                                            • Instruction Fuzzy Hash: 5E016D72C0162EDBCF00AFE5DC49AEEBB78FF4A301F004646E542B2141DB38A551C766
                                                                            APIs
                                                                            • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 007A1114
                                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,007A0B9B,?,?,?), ref: 007A1120
                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,007A0B9B,?,?,?), ref: 007A112F
                                                                            • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,007A0B9B,?,?,?), ref: 007A1136
                                                                            • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 007A114D
                                                                            Similarity
                                                                            • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                            • String ID:
                                                                            • API String ID: 842720411-0
                                                                            • Opcode ID: 4164d607fa2596d89fd39ed637875fe790ba689ac2f195803f5f7e3e5432442b
                                                                            • Instruction ID: b97e359f00e3bff869d3beeb9cbe998c772826392c6442a91a99e3db090f70c6
                                                                            • Opcode Fuzzy Hash: 4164d607fa2596d89fd39ed637875fe790ba689ac2f195803f5f7e3e5432442b
                                                                            • Instruction Fuzzy Hash: C1016D7510121ABFEB124F68DC49A6A3B7EEF86364B104415FA41D3350DA35DC00DA60
                                                                            APIs
                                                                            • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 007A0FCA
                                                                            • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 007A0FD6
                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 007A0FE5
                                                                            • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 007A0FEC
                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 007A1002
                                                                            Similarity
                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                            • String ID:
                                                                            • API String ID: 44706859-0
                                                                            • Opcode ID: f7aec0a28a42c1018c5a922aebb1a4cc4fb9753bba794a3466d148dbfbf88cb6
                                                                            • Instruction ID: ff2043449fb248e745a972f3b6cdabbcc0fbd8ae31de4b0a9e39858ed5c2e1c4
                                                                            • Opcode Fuzzy Hash: f7aec0a28a42c1018c5a922aebb1a4cc4fb9753bba794a3466d148dbfbf88cb6
                                                                            • Instruction Fuzzy Hash: 58F0A975201316EBEB220FA49C4AF573BBDEF8A762F508416FA45C6290CA39DC40CA60
                                                                            APIs
                                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 007A102A
                                                                            • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 007A1036
                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 007A1045
                                                                            • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 007A104C
                                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 007A1062
                                                                            Similarity
                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                            • String ID:
                                                                            • API String ID: 44706859-0
                                                                            • Opcode ID: 620eafd809f846738a0bca95291d010ff814e08801551783effcf241345ff052
                                                                            • Instruction ID: c33bd2539e3f06760f1043b022bf6ac699de5602f4e9beac6646aeedd09b4720
                                                                            • Opcode Fuzzy Hash: 620eafd809f846738a0bca95291d010ff814e08801551783effcf241345ff052
                                                                            • Instruction Fuzzy Hash: D6F0CD75201316EBEB221FA4EC49F573BBDEF8A761F104416FA45C7290CA79DC40CA60
                                                                            APIs
                                                                            • CloseHandle.KERNEL32(?,?,?,?,007B017D,?,007B32FC,?,00000001,00782592,?), ref: 007B0324
                                                                            • CloseHandle.KERNEL32(?,?,?,?,007B017D,?,007B32FC,?,00000001,00782592,?), ref: 007B0331
                                                                            • CloseHandle.KERNEL32(?,?,?,?,007B017D,?,007B32FC,?,00000001,00782592,?), ref: 007B033E
                                                                            • CloseHandle.KERNEL32(?,?,?,?,007B017D,?,007B32FC,?,00000001,00782592,?), ref: 007B034B
                                                                            • CloseHandle.KERNEL32(?,?,?,?,007B017D,?,007B32FC,?,00000001,00782592,?), ref: 007B0358
                                                                            • CloseHandle.KERNEL32(?,?,?,?,007B017D,?,007B32FC,?,00000001,00782592,?), ref: 007B0365
                                                                            Similarity
                                                                            • API ID: CloseHandle
                                                                            • String ID:
                                                                            • API String ID: 2962429428-0
                                                                            • Opcode ID: 3c0c8f9e84de68fb2a7aecccae44d5942b09bc1fc27f156c183cb94d61512b8c
                                                                            • Instruction ID: 759fa0aee292b585a9696192296795218aa0f7850137695c3b0f907035f16ac6
                                                                            • Opcode Fuzzy Hash: 3c0c8f9e84de68fb2a7aecccae44d5942b09bc1fc27f156c183cb94d61512b8c
                                                                            • Instruction Fuzzy Hash: E601EA72800B058FCB30AF66D880943FBF9BF603053058A3FD19292930C3B4A988CF80
                                                                            APIs
                                                                            • _free.LIBCMT ref: 0077D752
                                                                              • Part of subcall function 007729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0077D7D1,00000000,00000000,00000000,00000000,?,0077D7F8,00000000,00000007,00000000,?,0077DBF5,00000000), ref: 007729DE
                                                                              • Part of subcall function 007729C8: GetLastError.KERNEL32(00000000,?,0077D7D1,00000000,00000000,00000000,00000000,?,0077D7F8,00000000,00000007,00000000,?,0077DBF5,00000000,00000000), ref: 007729F0
                                                                            • _free.LIBCMT ref: 0077D764
                                                                            • _free.LIBCMT ref: 0077D776
                                                                            • _free.LIBCMT ref: 0077D788
                                                                            • _free.LIBCMT ref: 0077D79A
                                                                            Similarity
                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                            • String ID:
                                                                            • API String ID: 776569668-0
                                                                            • Opcode ID: 3097815084800923b136f385861c2ddcce47ced44a33bccf2525232154dec850
                                                                            • Instruction ID: 1455430f524fee466a417442c4d8afb472b65c396341b9ba0b40c6946ce8e1ea
                                                                            • Opcode Fuzzy Hash: 3097815084800923b136f385861c2ddcce47ced44a33bccf2525232154dec850
                                                                            • Instruction Fuzzy Hash: ACF04F32500304ABCA75EB78F9C5C16BBEDBF44390B988805F15CE7512C728FC818EA4
                                                                            APIs
                                                                            • GetDlgItem.USER32(?,000003E9), ref: 007A5C58
                                                                            • GetWindowTextW.USER32(00000000,?,00000100), ref: 007A5C6F
                                                                            • MessageBeep.USER32(00000000), ref: 007A5C87
                                                                            • KillTimer.USER32(?,0000040A), ref: 007A5CA3
                                                                            • EndDialog.USER32(?,00000001), ref: 007A5CBD
                                                                            Similarity
                                                                            • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                            • String ID:
                                                                            • API String ID: 3741023627-0
                                                                            • Opcode ID: 1fcbb4a2a2cc798271cbdaf3967bcbbc1cf9806aa33fda7b2169a911b85af3b7
                                                                            • Instruction ID: 2c7ddde5a6f419646ca24140c5ee7cb6e5b572622b25dcc5e70e8ef03b7342e8
                                                                            • Opcode Fuzzy Hash: 1fcbb4a2a2cc798271cbdaf3967bcbbc1cf9806aa33fda7b2169a911b85af3b7
                                                                            • Instruction Fuzzy Hash: 4801F930500B05ABEB215B10ED4EFA677B8FF01B06F00175AB583A10E0DBFCA984CBA4
                                                                            APIs
                                                                            • _free.LIBCMT ref: 007722BE
                                                                              • Part of subcall function 007729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0077D7D1,00000000,00000000,00000000,00000000,?,0077D7F8,00000000,00000007,00000000,?,0077DBF5,00000000), ref: 007729DE
                                                                              • Part of subcall function 007729C8: GetLastError.KERNEL32(00000000,?,0077D7D1,00000000,00000000,00000000,00000000,?,0077D7F8,00000000,00000007,00000000,?,0077DBF5,00000000,00000000), ref: 007729F0
                                                                            • _free.LIBCMT ref: 007722D0
                                                                            • _free.LIBCMT ref: 007722E3
                                                                            • _free.LIBCMT ref: 007722F4
                                                                            • _free.LIBCMT ref: 00772305
                                                                            Similarity
                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                            • String ID:
                                                                            • API String ID: 776569668-0
                                                                            • Opcode ID: 3f35b0debfff047c225e0ee25a0d46d304b781361e9c10dfa1216c940a86cbe5
                                                                            • Instruction ID: 30f06fd6db1b0a8b3af15ce1752853e6d78ca81def0e3b099570e934b85de955
                                                                            • Opcode Fuzzy Hash: 3f35b0debfff047c225e0ee25a0d46d304b781361e9c10dfa1216c940a86cbe5
                                                                            • Instruction Fuzzy Hash: 9FF03070401210CBCF52AF64BC06C887B68FB19790B06C61AF528E22B6CB7914939FA4
                                                                            APIs
                                                                            • EndPath.GDI32(?), ref: 007595D4
                                                                            • StrokeAndFillPath.GDI32(?,?,007971F7,00000000,?,?,?), ref: 007595F0
                                                                            • SelectObject.GDI32(?,00000000), ref: 00759603
                                                                            • DeleteObject.GDI32 ref: 00759616
                                                                            • StrokePath.GDI32(?), ref: 00759631
                                                                            Similarity
                                                                            • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                            • String ID:
                                                                            • API String ID: 2625713937-0
                                                                            • Opcode ID: 62f74fb92eee5f9ada9d574ffa98d1e40830e9a0ddfb8b89d3ffff9b2bad9a91
                                                                            • Instruction ID: 9474e68ded18dadbb54fa95e2ecefff75a2a1b4a2477812aabd17f51ccd966d1
                                                                            • Opcode Fuzzy Hash: 62f74fb92eee5f9ada9d574ffa98d1e40830e9a0ddfb8b89d3ffff9b2bad9a91
                                                                            • Instruction Fuzzy Hash: 9FF0F270006209EBDF225F69ED1CBE43F69BB00322F44C215EA25590F0D77989AADF24
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: __freea$_free
                                                                            • String ID: a/p$am/pm
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: JOt
                                                                            APIs
                                                                            • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 00778B6E
                                                                            • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 00778B7A
                                                                            • __dosmaperr.LIBCMT ref: 00778B81
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ByteCharErrorLastMultiWide__dosmaperr
                                                                            • String ID: .v
                                                                            APIs
                                                                              • Part of subcall function 007AB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,007A21D0,?,?,00000034,00000800,?,00000034), ref: 007AB42D
                                                                            • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 007A2760
                                                                              • Part of subcall function 007AB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,007A21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 007AB3F8
                                                                              • Part of subcall function 007AB32A: GetWindowThreadProcessId.USER32(?,?), ref: 007AB355
                                                                              • Part of subcall function 007AB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,007A2194,00000034,?,?,00001004,00000000,00000000), ref: 007AB365
                                                                              • Part of subcall function 007AB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,007A2194,00000034,?,?,00001004,00000000,00000000), ref: 007AB37B
                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 007A27CD
                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 007A281A
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                            • String ID: @
                                                                            APIs
                                                                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00771769
                                                                            • _free.LIBCMT ref: 00771834
                                                                            • _free.LIBCMT ref: 0077183E
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _free$FileModuleName
                                                                            • String ID: C:\Users\user\Desktop\file.exe
                                                                            APIs
                                                                            • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 007AC306
                                                                            • DeleteMenu.USER32(?,00000007,00000000), ref: 007AC34C
                                                                            • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00811990,011C5A20), ref: 007AC395
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Menu$Delete$InfoItem
                                                                            • String ID: 0
                                                                            APIs
                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,007DCC08,00000000,?,?,?,?), ref: 007D44AA
                                                                            • GetWindowLongW.USER32 ref: 007D44C7
                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 007D44D7
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Window$Long
                                                                            • String ID: SysTreeView32
                                                                            APIs
                                                                            • SysReAllocString.OLEAUT32(?,?), ref: 007A6EED
                                                                            • VariantCopyInd.OLEAUT32(?,?), ref: 007A6F08
                                                                            • VariantClear.OLEAUT32(?), ref: 007A6F12
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Variant$AllocClearCopyString
                                                                            • String ID: *jz
                                                                            APIs
                                                                              • Part of subcall function 007C335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,007C3077,?,?), ref: 007C3378
                                                                            • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 007C307A
                                                                            • _wcslen.LIBCMT ref: 007C309B
                                                                            • htons.WSOCK32(00000000,?,?,00000000), ref: 007C3106
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                            • String ID: 255.255.255.255
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 007D3F40
                                                                            • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 007D3F54
                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 007D3F78
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$Window
                                                                            • String ID: SysMonthCal32
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 007D4705
                                                                            • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 007D4713
                                                                            • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 007D471A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$DestroyWindow
                                                                            • String ID: msctls_updown32
                                                                            • API String ID: 4014797782-2298589950
                                                                            • Opcode ID: e7e5d6c09e271c4ace0d3b2be6ca8ca3a52f1064f2e4afe47b58b03087bd2ad4
                                                                            • Instruction ID: 0b31db7530e5530ca1213e0cc228e3c8ce54734fdd3e81256fd63bc4f6dd1440
                                                                            • Opcode Fuzzy Hash: e7e5d6c09e271c4ace0d3b2be6ca8ca3a52f1064f2e4afe47b58b03087bd2ad4
                                                                            • Instruction Fuzzy Hash: 5D214AB5600209AFDB11DF64DCC5DA637BDEF4A3A4B04005AFA109B3A1CB35EC11CA60
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _wcslen
                                                                            • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                            • API String ID: 176396367-2734436370
                                                                            • Opcode ID: a47c6d80c691519f2a192cc2c08ed76e88e157261580369bd208434bbec9e55d
                                                                            • Instruction ID: b809500d0e7a131d7fc5238420a24027b0d30184f80cf2caab0a59d876ef0e6d
                                                                            • Opcode Fuzzy Hash: a47c6d80c691519f2a192cc2c08ed76e88e157261580369bd208434bbec9e55d
                                                                            • Instruction Fuzzy Hash: 44215B72504610A6D331AB249C07FB773E89FD2300F504526FB5A97181EB5DAD71C2D6
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 007D3840
                                                                            • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 007D3850
                                                                            • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 007D3876
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$MoveWindow
                                                                            • String ID: Listbox
                                                                            • API String ID: 3315199576-2633736733
                                                                            • Opcode ID: a73e891e2b33a3eaacf2850b68be07b6e4bd33e7e8f6773d48120b3dcd94399b
                                                                            • Instruction ID: 4a0dc686c078d4163c27ae613809565e4fc10a366f7ac3a056bf7ce94b91a4e5
                                                                            • Opcode Fuzzy Hash: a73e891e2b33a3eaacf2850b68be07b6e4bd33e7e8f6773d48120b3dcd94399b
                                                                            • Instruction Fuzzy Hash: B321C272610119BBEF119F54CC85FBB377EEF89760F108126F9049B290C679DC5197A1
                                                                            APIs
                                                                            • SetErrorMode.KERNEL32(00000001), ref: 007B4A08
                                                                            • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 007B4A5C
                                                                            • SetErrorMode.KERNEL32(00000000,?,?,007DCC08), ref: 007B4AD0
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorMode$InformationVolume
                                                                            • String ID: %lu
                                                                            • API String ID: 2507767853-685833217
                                                                            • Opcode ID: 9df0a5875644cce05b6b4bd08894628b30905249ba439c3c345da358a5815a85
                                                                            • Instruction ID: 69d33da4bd465a1263df679169e062e8b58967a4fa5eb369c8d5271ee266d80d
                                                                            • Opcode Fuzzy Hash: 9df0a5875644cce05b6b4bd08894628b30905249ba439c3c345da358a5815a85
                                                                            • Instruction Fuzzy Hash: 76314F71A00119EFD711DF64C985EAA77F8EF04304F148095E909DB252D779ED45CB61
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 007D424F
                                                                            • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 007D4264
                                                                            • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 007D4271
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID: msctls_trackbar32
                                                                            • API String ID: 3850602802-1010561917
                                                                            • Opcode ID: 565f2c7eea64219af03f9704e89cf8523ef6e0c8b5fbd9dab54665cb20307b44
                                                                            • Instruction ID: 0b9d8cf0fe6b32860f184266a61cfd59bec4914297dbc5a5292a21189db91199
                                                                            • Opcode Fuzzy Hash: 565f2c7eea64219af03f9704e89cf8523ef6e0c8b5fbd9dab54665cb20307b44
                                                                            • Instruction Fuzzy Hash: 7111E031240208BFEF205F28CC06FAB3BBCFF95B64F114125FA55E21A0D676E8119B20
                                                                            APIs
                                                                              • Part of subcall function 00746B57: _wcslen.LIBCMT ref: 00746B6A
                                                                              • Part of subcall function 007A2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 007A2DC5
                                                                              • Part of subcall function 007A2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 007A2DD6
                                                                              • Part of subcall function 007A2DA7: GetCurrentThreadId.KERNEL32 ref: 007A2DDD
                                                                              • Part of subcall function 007A2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 007A2DE4
                                                                            • GetFocus.USER32 ref: 007A2F78
                                                                              • Part of subcall function 007A2DEE: GetParent.USER32(00000000), ref: 007A2DF9
                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 007A2FC3
                                                                            • EnumChildWindows.USER32(?,007A303B), ref: 007A2FEB
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                            • String ID: %s%d
                                                                            • API String ID: 1272988791-1110647743
                                                                            • Opcode ID: e5b16ebf49b849738fd153d731e64e9a38f54ad7541077a8f1c9f21d3020b5ee
                                                                            • Instruction ID: b2aeed525a3989af3ff1078ae1ed11a7694d75e55d3e8b7a76e4f4cb3dd1e504
                                                                            • Opcode Fuzzy Hash: e5b16ebf49b849738fd153d731e64e9a38f54ad7541077a8f1c9f21d3020b5ee
                                                                            • Instruction Fuzzy Hash: 131190B1700205ABDF556F648C89EEE376AAFC5304F048175FD099B293DE78994ACB60
                                                                            APIs
                                                                            • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 007D58C1
                                                                            • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 007D58EE
                                                                            • DrawMenuBar.USER32(?), ref: 007D58FD
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Menu$InfoItem$Draw
                                                                            • String ID: 0
                                                                            • API String ID: 3227129158-4108050209
                                                                            • Opcode ID: 811fb82591de6d7cbce476e6b0454c9c93bd8058044d5dcb1d598ec937b3e4c7
                                                                            • Instruction ID: d4209ed2daebe14e05d1f790d9f352b936cb99abfd9903546ae41d2a25dfa3e4
                                                                            • Opcode Fuzzy Hash: 811fb82591de6d7cbce476e6b0454c9c93bd8058044d5dcb1d598ec937b3e4c7
                                                                            • Instruction Fuzzy Hash: 7B018031500218EFDB219F15EC49FEEBBB8FF45361F10809AE849D6251DB789A94DF21
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 671541ddcf0052f045a38d30e1ba626b09a313f56bc8fa6a082ef07a249fdf20
                                                                            • Instruction ID: f7b207309db768b048334812eac3f90c0b0d8a1aec763923fd7a61bc9fceaf3b
                                                                            • Opcode Fuzzy Hash: 671541ddcf0052f045a38d30e1ba626b09a313f56bc8fa6a082ef07a249fdf20
                                                                            • Instruction Fuzzy Hash: 51C15C75A0020AEFDB14CFA4C898BAEB7B5FF89314F108A98E505EB251D735ED41DB90
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Variant$ClearInitInitializeUninitialize
                                                                            • String ID:
                                                                            • API String ID: 1998397398-0
                                                                            • Opcode ID: 307e4dd7ff89f0e63062a7f74dddee20050b21728f8b3ab2c67df2012d4236a2
                                                                            • Instruction ID: d72868451f3df59d116dcc85364102ad6dc281ac1cde5b73f10c37d00ae1aa24
                                                                            • Opcode Fuzzy Hash: 307e4dd7ff89f0e63062a7f74dddee20050b21728f8b3ab2c67df2012d4236a2
                                                                            • Instruction Fuzzy Hash: 57A11575604210DFC714DF28C489E6AB7E5EF88714F04885DF98A9B362DB38EE05CB91
                                                                            APIs
                                                                            • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,007DFC08,?), ref: 007A05F0
                                                                            • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,007DFC08,?), ref: 007A0608
                                                                            • CLSIDFromProgID.OLE32(?,?,00000000,007DCC40,000000FF,?,00000000,00000800,00000000,?,007DFC08,?), ref: 007A062D
                                                                            • _memcmp.LIBVCRUNTIME ref: 007A064E
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: FromProg$FreeTask_memcmp
                                                                            • String ID:
                                                                            • API String ID: 314563124-0
                                                                            • Opcode ID: dd507e1e002e2112355a3ffbb3368a929448bb1a5c3d14634ebaf333e8acafe2
                                                                            • Instruction ID: 29085608a1d9e04d3db2fd81015ee92439a7f478f1516cef158177f65c5d57d1
                                                                            • Opcode Fuzzy Hash: dd507e1e002e2112355a3ffbb3368a929448bb1a5c3d14634ebaf333e8acafe2
                                                                            • Instruction Fuzzy Hash: D9811C71A00109EFCB04DF94C988EEEB7B9FF89315F204559F506AB250DB75AE06CBA0
                                                                            APIs
                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 007CA6AC
                                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 007CA6BA
                                                                              • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
                                                                            • Process32NextW.KERNEL32(00000000,?), ref: 007CA79C
                                                                            • CloseHandle.KERNEL32(00000000), ref: 007CA7AB
                                                                              • Part of subcall function 0075CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00783303,?), ref: 0075CE8A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                            • String ID:
                                                                            • API String ID: 1991900642-0
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: _free
                                                                            • String ID:
                                                                            • API String ID: 269201875-0
                                                                            APIs
                                                                            • GetWindowRect.USER32(?,?), ref: 007D62E2
                                                                            • ScreenToClient.USER32(?,?), ref: 007D6315
                                                                            • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 007D6382
                                                                            Similarity
                                                                            • API ID: Window$ClientMoveRectScreen
                                                                            • String ID:
                                                                            • API String ID: 3880355969-0
                                                                            APIs
                                                                            • socket.WSOCK32(00000002,00000002,00000011), ref: 007C1AFD
                                                                            • WSAGetLastError.WSOCK32 ref: 007C1B0B
                                                                            • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 007C1B8A
                                                                            • WSAGetLastError.WSOCK32 ref: 007C1B94
                                                                            Similarity
                                                                            • API ID: ErrorLast$socket
                                                                            • String ID:
                                                                            • API String ID: 1881357543-0
                                                                            APIs
                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 007B5783
                                                                            • GetLastError.KERNEL32(?,00000000), ref: 007B57A9
                                                                            • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 007B57CE
                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 007B57FA
                                                                            Similarity
                                                                            • API ID: CreateHardLink$DeleteErrorFileLast
                                                                            • String ID:
                                                                            • API String ID: 3321077145-0
                                                                            APIs
                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,?,00766D71,00000000,00000000,007682D9,?,007682D9,?,00000001,00766D71,?,00000001,007682D9,007682D9), ref: 0077D910
                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0077D999
                                                                            • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0077D9AB
                                                                            • __freea.LIBCMT ref: 0077D9B4
                                                                              • Part of subcall function 00773820: RtlAllocateHeap.NTDLL(00000000,?,00811444,?,0075FDF5,?,?,0074A976,00000010,00811440,007413FC,?,007413C6,?,00741129), ref: 00773852
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                            • String ID:
                                                                            • API String ID: 2652629310-0
                                                                            APIs
                                                                            • SendMessageW.USER32(?,00001024,00000000,?), ref: 007D5352
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 007D5375
                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 007D5382
                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 007D53A8
                                                                            Similarity
                                                                            • API ID: LongWindow$InvalidateMessageRectSend
                                                                            • String ID:
                                                                            • API String ID: 3340791633-0
                                                                            APIs
                                                                            • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 007AABF1
                                                                            • SetKeyboardState.USER32(00000080,?,00008000), ref: 007AAC0D
                                                                            • PostMessageW.USER32(00000000,00000101,00000000), ref: 007AAC74
                                                                            • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 007AACC6
                                                                            Similarity
                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                            • String ID:
                                                                            • API String ID: 432972143-0
                                                                            APIs
                                                                            • ClientToScreen.USER32(?,?), ref: 007D769A
                                                                            • GetWindowRect.USER32(?,?), ref: 007D7710
                                                                            • PtInRect.USER32(?,?,007D8B89), ref: 007D7720
                                                                            • MessageBeep.USER32(00000000), ref: 007D778C
                                                                            Similarity
                                                                            • API ID: Rect$BeepClientMessageScreenWindow
                                                                            • String ID:
                                                                            • API String ID: 1352109105-0
                                                                            APIs
                                                                            • GetForegroundWindow.USER32 ref: 007D16EB
                                                                              • Part of subcall function 007A3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 007A3A57
                                                                              • Part of subcall function 007A3A3D: GetCurrentThreadId.KERNEL32 ref: 007A3A5E
                                                                              • Part of subcall function 007A3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,007A25B3), ref: 007A3A65
                                                                            • GetCaretPos.USER32(?), ref: 007D16FF
                                                                            • ClientToScreen.USER32(00000000,?), ref: 007D174C
                                                                            • GetForegroundWindow.USER32 ref: 007D1752
                                                                            Similarity
                                                                            • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                            • String ID:
                                                                            • API String ID: 2759813231-0
                                                                            APIs
                                                                              • Part of subcall function 00747620: _wcslen.LIBCMT ref: 00747625
                                                                            • _wcslen.LIBCMT ref: 007ADFCB
                                                                            • _wcslen.LIBCMT ref: 007ADFE2
                                                                            • _wcslen.LIBCMT ref: 007AE00D
                                                                            • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 007AE018
                                                                            Similarity
                                                                            • API ID: _wcslen$ExtentPoint32Text
                                                                            • String ID:
                                                                            • API String ID: 3763101759-0
                                                                            • Opcode ID: 6dad234ff26b74bbeac00d28bc268bfc2b765ccb2f6f4a9b92a3c5930c2435ca
                                                                            • Instruction ID: 99dc0f3e93268772874157b647a3062ec4861447e70c662c19b641161ceb0841
                                                                            • Opcode Fuzzy Hash: 6dad234ff26b74bbeac00d28bc268bfc2b765ccb2f6f4a9b92a3c5930c2435ca
                                                                            • Instruction Fuzzy Hash: 2D21E571D00214EFCB20DFA8C982BAEB7F8EF8A750F114165E805BB245D7789E40CBA1
                                                                            APIs
                                                                              • Part of subcall function 00759BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00759BB2
                                                                            • GetCursorPos.USER32(?), ref: 007D9001
                                                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00797711,?,?,?,?,?), ref: 007D9016
                                                                            • GetCursorPos.USER32(?), ref: 007D905E
                                                                            • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00797711,?,?,?), ref: 007D9094
                                                                            Similarity
                                                                            • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                            • String ID:
                                                                            • API String ID: 2864067406-0
                                                                            • Opcode ID: fd1a35980aea97735f4074e31bc827bf7e0718e9b65db8ad5edbc92a3966a1e7
                                                                            • Instruction ID: 8c8d515d3bd04a285686ae8c5465757ff2011e287328a98c3d34ba05e0303aef
                                                                            • Opcode Fuzzy Hash: fd1a35980aea97735f4074e31bc827bf7e0718e9b65db8ad5edbc92a3966a1e7
                                                                            • Instruction Fuzzy Hash: 7E21D131600018EFCF269F94EC58EFABBB9FF89350F148166FA0587261C3399990DB60
                                                                            APIs
                                                                            • GetFileAttributesW.KERNEL32(?,007DCB68), ref: 007AD2FB
                                                                            • GetLastError.KERNEL32 ref: 007AD30A
                                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 007AD319
                                                                            • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,007DCB68), ref: 007AD376
                                                                            Similarity
                                                                            • API ID: CreateDirectory$AttributesErrorFileLast
                                                                            • String ID:
                                                                            • API String ID: 2267087916-0
                                                                            • Opcode ID: 285655aa09da76bfd4f0c201b7fe8aa847deb218fd8078981a7bc6f30cf30123
                                                                            • Instruction ID: cac222b34054dfd923be4cdb97bf41399704616baa36a46889d7bc93be04ea23
                                                                            • Opcode Fuzzy Hash: 285655aa09da76bfd4f0c201b7fe8aa847deb218fd8078981a7bc6f30cf30123
                                                                            • Instruction Fuzzy Hash: EC216070505202DF8B20DF28C88546EB7E8AF96364F104B1EF4AAC72A1D739DD45CB93
                                                                            APIs
                                                                              • Part of subcall function 007A1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 007A102A
                                                                              • Part of subcall function 007A1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 007A1036
                                                                              • Part of subcall function 007A1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 007A1045
                                                                              • Part of subcall function 007A1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 007A104C
                                                                              • Part of subcall function 007A1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 007A1062
                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 007A15BE
                                                                            • _memcmp.LIBVCRUNTIME ref: 007A15E1
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 007A1617
                                                                            • HeapFree.KERNEL32(00000000), ref: 007A161E
                                                                            Similarity
                                                                            • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                            • String ID:
                                                                            • API String ID: 1592001646-0
                                                                            • Opcode ID: 5ab34dc8b256c781e4c7ad4f9bf5377d2b1b25c14827c769300ad00f88d4e959
                                                                            • Instruction ID: 74c8af5d6ae393cd182cf60c6fb322b3421108bd62cdf7cc6f790887cc73db9a
                                                                            • Opcode Fuzzy Hash: 5ab34dc8b256c781e4c7ad4f9bf5377d2b1b25c14827c769300ad00f88d4e959
                                                                            • Instruction Fuzzy Hash: 7621B071E41109EFEF00DFA4C949BEEB7B8EF81344F498559E441AB241EB38AE04CB50
                                                                            APIs
                                                                            • GetWindowLongW.USER32(?,000000EC), ref: 007D280A
                                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 007D2824
                                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 007D2832
                                                                            • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 007D2840
                                                                            Similarity
                                                                            • API ID: Window$Long$AttributesLayered
                                                                            • String ID:
                                                                            • API String ID: 2169480361-0
                                                                            • Opcode ID: eca84ce26d944d2085a8e1b3bde8cdb456cdb7c39105d351e63ca909b516d8db
                                                                            • Instruction ID: 1bf7daa9cf030a56b6caa28ef42f7f3876d99f11ff814daf690795b4ed489d70
                                                                            • Opcode Fuzzy Hash: eca84ce26d944d2085a8e1b3bde8cdb456cdb7c39105d351e63ca909b516d8db
                                                                            • Instruction Fuzzy Hash: 6421B231205111AFD7159B24C844F6AB7A5AF95324F14815AF4168B793C779FC43C790
                                                                            APIs
                                                                              • Part of subcall function 007A8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,007A790A,?,000000FF,?,007A8754,00000000,?,0000001C,?,?), ref: 007A8D8C
                                                                              • Part of subcall function 007A8D7D: lstrcpyW.KERNEL32(00000000,?), ref: 007A8DB2
                                                                              • Part of subcall function 007A8D7D: lstrcmpiW.KERNEL32(00000000,?,007A790A,?,000000FF,?,007A8754,00000000,?,0000001C,?,?), ref: 007A8DE3
                                                                            • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,007A8754,00000000,?,0000001C,?,?,00000000), ref: 007A7923
                                                                            • lstrcpyW.KERNEL32(00000000,?), ref: 007A7949
                                                                            • lstrcmpiW.KERNEL32(00000002,cdecl,?,007A8754,00000000,?,0000001C,?,?,00000000), ref: 007A7984
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: lstrcmpilstrcpylstrlen
                                                                            • String ID: cdecl
                                                                            • API String ID: 4031866154-3896280584
                                                                            • Opcode ID: 3d6549d4df42973494a572678ec7d3eff68b25a6d3af2cd3b470cf5ecd1d46c3
                                                                            • Instruction ID: df49f9c0dea57190a40d5bf4e0f23439a68bc8e3b62b27b5e651bdb795156aa7
                                                                            • Opcode Fuzzy Hash: 3d6549d4df42973494a572678ec7d3eff68b25a6d3af2cd3b470cf5ecd1d46c3
                                                                            • Instruction Fuzzy Hash: 3D11E93A201302ABDB155F34DC45D7B77A9FF86350B50812BF946C72A4EB799811C791
                                                                            APIs
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 007D7D0B
                                                                            • SetWindowLongW.USER32(00000000,000000F0,?), ref: 007D7D2A
                                                                            • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 007D7D42
                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,007BB7AD,00000000), ref: 007D7D6B
                                                                              • Part of subcall function 00759BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00759BB2
                                                                            Similarity
                                                                            • API ID: Window$Long
                                                                            • String ID:
                                                                            • API String ID: 847901565-0
                                                                            • Opcode ID: 55910123076c62d7a35551e6797202287d8b501d786e6f8cee13237f08f3741f
                                                                            • Instruction ID: aa81ac5fac2566658e2125f23e13e8e6b66c9f9e6864b8028b4720d8b22acf4f
                                                                            • Opcode Fuzzy Hash: 55910123076c62d7a35551e6797202287d8b501d786e6f8cee13237f08f3741f
                                                                            • Instruction Fuzzy Hash: F211D231205615AFCB158F28CC08AA63BBABF45370B218326F93ADB3F0E7348950DB50
                                                                            APIs
                                                                            • SendMessageW.USER32(?,00001060,?,00000004), ref: 007D56BB
                                                                            • _wcslen.LIBCMT ref: 007D56CD
                                                                            • _wcslen.LIBCMT ref: 007D56D8
                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 007D5816
                                                                            Similarity
                                                                            • API ID: MessageSend_wcslen
                                                                            • String ID:
                                                                            • API String ID: 455545452-0
                                                                            • Opcode ID: 409c9c303145b1eefe5c5dec6b9c6f91ef36f739c1f0b0b4bfc57d374a535ea4
                                                                            • Instruction ID: 270a4968b935d8c5ab2686655d3f0a243fd285a74cf0cd6768ed3a8aa1f4e57d
                                                                            • Opcode Fuzzy Hash: 409c9c303145b1eefe5c5dec6b9c6f91ef36f739c1f0b0b4bfc57d374a535ea4
                                                                            • Instruction Fuzzy Hash: D111D371A00608A7DF209F65CC85EEE77BCEF10760B10806BF916D6281EB78DA84CF64
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8f4e41449b31688af622ccb69545a94767d38f58eed5167de511bc5c92772e02
                                                                            • Instruction ID: f7e7db116446076d2bd6728a2c38508d6406ffca6f109e19efffebf954406c2c
                                                                            • Opcode Fuzzy Hash: 8f4e41449b31688af622ccb69545a94767d38f58eed5167de511bc5c92772e02
                                                                            • Instruction Fuzzy Hash: 9B01BCB230561A7EEE2116786CC1F27662CEF413F8B758326F528A11D2DB688C405A20
                                                                            APIs
                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 007A1A47
                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 007A1A59
                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 007A1A6F
                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 007A1A8A
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            APIs
                                                                            • GetCurrentThreadId.KERNEL32 ref: 007AE1FD
                                                                            • MessageBoxW.USER32(?,?,?,?), ref: 007AE230
                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 007AE246
                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 007AE24D
                                                                            Similarity
                                                                            • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                            APIs
                                                                            • CreateThread.KERNEL32(00000000,?,0076CFF9,00000000,00000004,00000000), ref: 0076D218
                                                                            • GetLastError.KERNEL32 ref: 0076D224
                                                                            • __dosmaperr.LIBCMT ref: 0076D22B
                                                                            • ResumeThread.KERNEL32(00000000), ref: 0076D249
                                                                            Similarity
                                                                            • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                            APIs
                                                                              • Part of subcall function 00759BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00759BB2
                                                                            • GetClientRect.USER32(?,?), ref: 007D9F31
                                                                            • GetCursorPos.USER32(?), ref: 007D9F3B
                                                                            • ScreenToClient.USER32(?,?), ref: 007D9F46
                                                                            • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 007D9F7A
                                                                            Similarity
                                                                            • API ID: Client$CursorLongProcRectScreenWindow
                                                                            APIs
                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0074604C
                                                                            • GetStockObject.GDI32(00000011), ref: 00746060
                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 0074606A
                                                                            Similarity
                                                                            • API ID: CreateMessageObjectSendStockWindow
                                                                            APIs
                                                                            • ___BuildCatchObject.LIBVCRUNTIME ref: 00763B56
                                                                              • Part of subcall function 00763AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00763AD2
                                                                              • Part of subcall function 00763AA3: ___AdjustPointer.LIBCMT ref: 00763AED
                                                                            • _UnwindNestedFrames.LIBCMT ref: 00763B6B
                                                                            • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00763B7C
                                                                            • CallCatchBlock.LIBVCRUNTIME ref: 00763BA4
                                                                            Similarity
                                                                            • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                            APIs
                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,007413C6,00000000,00000000,?,0077301A,007413C6,00000000,00000000,00000000,?,0077328B,00000006,FlsSetValue), ref: 007730A5
                                                                            • GetLastError.KERNEL32(?,0077301A,007413C6,00000000,00000000,00000000,?,0077328B,00000006,FlsSetValue,007E2290,FlsSetValue,00000000,00000364,?,00772E46), ref: 007730B1
                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0077301A,007413C6,00000000,00000000,00000000,?,0077328B,00000006,FlsSetValue,007E2290,FlsSetValue,00000000), ref: 007730BF
                                                                            Similarity
                                                                            • API ID: LibraryLoad$ErrorLast
                                                                            APIs
                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 007A747F
                                                                            • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 007A7497
                                                                            • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 007A74AC
                                                                            • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 007A74CA
                                                                            Similarity
                                                                            • API ID: Type$Register$FileLoadModuleNameUser
                                                                            APIs
                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,007AACD3,?,00008000), ref: 007AB0C4
                                                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,007AACD3,?,00008000), ref: 007AB0E9
                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,007AACD3,?,00008000), ref: 007AB0F3
                                                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,007AACD3,?,00008000), ref: 007AB126
                                                                            Similarity
                                                                            • API ID: CounterPerformanceQuerySleep
                                                                            APIs
                                                                            • GetWindowRect.USER32(?,?), ref: 007D7E33
                                                                            • ScreenToClient.USER32(?,?), ref: 007D7E4B
                                                                            • ScreenToClient.USER32(?,?), ref: 007D7E6F
                                                                            • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 007D7E8A
                                                                            Similarity
                                                                            • API ID: ClientRectScreen$InvalidateWindow
                                                                            APIs
                                                                            • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 007A2DC5
                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 007A2DD6
                                                                            • GetCurrentThreadId.KERNEL32 ref: 007A2DDD
                                                                            • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 007A2DE4
                                                                            Similarity
                                                                            • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                            • String ID:
                                                                            • API String ID: 2710830443-0
                                                                            APIs
                                                                              • Part of subcall function 00759639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00759693
                                                                              • Part of subcall function 00759639: SelectObject.GDI32(?,00000000), ref: 007596A2
                                                                              • Part of subcall function 00759639: BeginPath.GDI32(?), ref: 007596B9
                                                                              • Part of subcall function 00759639: SelectObject.GDI32(?,00000000), ref: 007596E2
                                                                            • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 007D8887
                                                                            • LineTo.GDI32(?,?,?), ref: 007D8894
                                                                            • EndPath.GDI32(?), ref: 007D88A4
                                                                            • StrokePath.GDI32(?), ref: 007D88B2
                                                                            Similarity
                                                                            • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                            • String ID:
                                                                            • API String ID: 1539411459-0
                                                                            APIs
                                                                            • GetSysColor.USER32(00000008), ref: 007598CC
                                                                            • SetTextColor.GDI32(?,?), ref: 007598D6
                                                                            • SetBkMode.GDI32(?,00000001), ref: 007598E9
                                                                            • GetStockObject.GDI32(00000005), ref: 007598F1
                                                                            Similarity
                                                                            • API ID: Color$ModeObjectStockText
                                                                            • String ID:
                                                                            • API String ID: 4037423528-0
                                                                            APIs
                                                                            • GetCurrentThread.KERNEL32 ref: 007A1634
                                                                            • OpenThreadToken.ADVAPI32(00000000,?,?,?,007A11D9), ref: 007A163B
                                                                            • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,007A11D9), ref: 007A1648
                                                                            • OpenProcessToken.ADVAPI32(00000000,?,?,?,007A11D9), ref: 007A164F
                                                                            Similarity
                                                                            • API ID: CurrentOpenProcessThreadToken
                                                                            • String ID:
                                                                            • API String ID: 3974789173-0
                                                                            APIs
                                                                            • GetDesktopWindow.USER32 ref: 0079D858
                                                                            • GetDC.USER32(00000000), ref: 0079D862
                                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0079D882
                                                                            • ReleaseDC.USER32(?), ref: 0079D8A3
                                                                            Similarity
                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                            • String ID:
                                                                            • API String ID: 2889604237-0
                                                                            APIs
                                                                            • GetDesktopWindow.USER32 ref: 0079D86C
                                                                            • GetDC.USER32(00000000), ref: 0079D876
                                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0079D882
                                                                            • ReleaseDC.USER32(?), ref: 0079D8A3
                                                                            Similarity
                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                            • String ID:
                                                                            • API String ID: 2889604237-0
                                                                            APIs
                                                                              • Part of subcall function 00747620: _wcslen.LIBCMT ref: 00747625
                                                                            • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 007B4ED4
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Connection_wcslen
                                                                            • String ID: *$LPT
                                                                            • API String ID: 1725874428-3443410124
                                                                            APIs
                                                                            • __startOneArgErrorHandling.LIBCMT ref: 0076E30D
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ErrorHandling__start
                                                                            • String ID: pow
                                                                            • API String ID: 3213639722-2276729525
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: #
                                                                            • API String ID: 0-1885708031
                                                                            APIs
                                                                            • Sleep.KERNEL32(00000000), ref: 0075F2A2
                                                                            • GlobalMemoryStatusEx.KERNEL32(?), ref: 0075F2BB
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: GlobalMemorySleepStatus
                                                                            • String ID: @
                                                                            • API String ID: 2783356886-2766056989
                                                                            APIs
                                                                            • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 007C57E0
                                                                            • _wcslen.LIBCMT ref: 007C57EC
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: BuffCharUpper_wcslen
                                                                            • String ID: CALLARGARRAY
                                                                            • API String ID: 157775604-1150593374
                                                                            APIs
                                                                            • _wcslen.LIBCMT ref: 007BD130
                                                                            • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 007BD13A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Similarity
                                                                            • API ID: CrackInternet_wcslen
                                                                            • String ID: |
                                                                            • API String ID: 596671847-2343686810
                                                                            • Opcode ID: 22dd33926adce54be2e2732f3dfea75aa2c92442821c1e11a1dc126971fd83a3
                                                                            • Instruction ID: a0a43589f36bb7484c84ebe59446edb0abf77784b9266f37c103aad6ab27c420
                                                                            • Opcode Fuzzy Hash: 22dd33926adce54be2e2732f3dfea75aa2c92442821c1e11a1dc126971fd83a3
                                                                            • Instruction Fuzzy Hash: 86313E71D01219EBCF15EFA4CC89AEEBFB9FF05300F004019F915A6162E739AA06DB50
                                                                            APIs
                                                                            • DestroyWindow.USER32(?,?,?,?), ref: 007D3621
                                                                            • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 007D365C
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Window$DestroyMove
                                                                            • String ID: static
                                                                            • API String ID: 2139405536-2160076837
                                                                            • Opcode ID: 9fc0771429a4a2c60cfd5ec641d307341e9546819a3e1fca134bf90b3981ea73
                                                                            • Instruction ID: 221fd49197299c35f070cd0e735a01ce688c22e45b83f5c428ca48676120f0a6
                                                                            • Opcode Fuzzy Hash: 9fc0771429a4a2c60cfd5ec641d307341e9546819a3e1fca134bf90b3981ea73
                                                                            • Instruction Fuzzy Hash: E9318B71110604AEDB109F38DC81EFB73B9FF88720F00961AF9A597290DA39ED91D761
                                                                            APIs
                                                                            • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 007D461F
                                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 007D4634
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID: '
                                                                            • API String ID: 3850602802-1997036262
                                                                            • Opcode ID: e71177e9116202e2a7b6b5882e7fbac28eabe9036e54a9c84256aff7f5c6360c
                                                                            • Instruction ID: c5d6fc85d8bcc60e3f2db2f00e8afdf04057c289bd9c6870b524f5fbc0d3d19e
                                                                            • Opcode Fuzzy Hash: e71177e9116202e2a7b6b5882e7fbac28eabe9036e54a9c84256aff7f5c6360c
                                                                            • Instruction Fuzzy Hash: D6313674A0120AAFDF14CFA9D981BDABBB5FF09300F14406AE906AB381D774E951CF90
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 007D327C
                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 007D3287
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID: Combobox
                                                                            • API String ID: 3850602802-2096851135
                                                                            • Opcode ID: 7ed2fe6a31b1fa624ad79a1325fafb95bfa8749bf3b6ef9b4ed7ec5b71dc21d6
                                                                            • Instruction ID: a7afec389fed591c7841eae1139ca7ae189b57c902d55012a89e787c7e191479
                                                                            • Opcode Fuzzy Hash: 7ed2fe6a31b1fa624ad79a1325fafb95bfa8749bf3b6ef9b4ed7ec5b71dc21d6
                                                                            • Instruction Fuzzy Hash: A511B271B00208BFEF219F54DC85EBB3B7AFB94364F10412AF91897390D679AD518761
                                                                            APIs
                                                                              • Part of subcall function 0074600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0074604C
                                                                              • Part of subcall function 0074600E: GetStockObject.GDI32(00000011), ref: 00746060
                                                                              • Part of subcall function 0074600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0074606A
                                                                            • GetWindowRect.USER32(00000000,?), ref: 007D377A
                                                                            • GetSysColor.USER32(00000012), ref: 007D3794
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                            • String ID: static
                                                                            • API String ID: 1983116058-2160076837
                                                                            • Opcode ID: 67828f638e637f8244eed2484390e5757c72353551d41986729cc8d5f0fac567
                                                                            • Instruction ID: 1ebb60005155e422c50042740b487fd43f04f78f5e85490b229f4752a4ec9688
                                                                            • Opcode Fuzzy Hash: 67828f638e637f8244eed2484390e5757c72353551d41986729cc8d5f0fac567
                                                                            • Instruction Fuzzy Hash: 2C1129B261060AAFDF01DFA8CC46EEA7BB8FB08354F004516F955E2250D739E851DB61
                                                                            APIs
                                                                            • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 007BCD7D
                                                                            • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 007BCDA6
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Internet$OpenOption
                                                                            • String ID: <local>
                                                                            • API String ID: 942729171-4266983199
                                                                            • Opcode ID: d4b10dda1aece615befeff20c34a0e52bdd72a9a5afd02ca3f431930e43d110f
                                                                            • Instruction ID: 849a129989ee8f8dee1fa56e969038bf23711c8cc205bfafc7c9adc0855457db
                                                                            • Opcode Fuzzy Hash: d4b10dda1aece615befeff20c34a0e52bdd72a9a5afd02ca3f431930e43d110f
                                                                            • Instruction Fuzzy Hash: 1711C679305632BAD7364B668C49FE7BE6CEF527A4F40822AB14983180D7789840D6F0
                                                                            APIs
                                                                            • GetWindowTextLengthW.USER32(00000000), ref: 007D34AB
                                                                            • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 007D34BA
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Similarity
                                                                            • API ID: LengthMessageSendTextWindow
                                                                            • String ID: edit
                                                                            • API String ID: 2978978980-2167791130
                                                                            • Opcode ID: 4f3b6c3d793ebdee9623cd74e9fea250bbec32f1a58a729b25b8e5d0a5111f71
                                                                            • Instruction ID: 4ee908437112e4d55d07285f13b0bfa99c0bb8549d3786f38351b8ae5af4a212
                                                                            • Opcode Fuzzy Hash: 4f3b6c3d793ebdee9623cd74e9fea250bbec32f1a58a729b25b8e5d0a5111f71
                                                                            • Instruction Fuzzy Hash: 8C116D71100148AAEB125E64EC44AFB377AEB05374F508326F961932E0C77DDC519756
                                                                            APIs
                                                                              • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
                                                                            • CharUpperBuffW.USER32(?,?,?), ref: 007A6CB6
                                                                            • _wcslen.LIBCMT ref: 007A6CC2
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Similarity
                                                                            • API ID: _wcslen$BuffCharUpper
                                                                            • String ID: STOP
                                                                            • API String ID: 1256254125-2411985666
                                                                            • Opcode ID: df8fcecedf15b7d337e6de689bd1adaf3d7b429df5504a4ea029cad5b791571a
                                                                            • Instruction ID: 414259e503c7a3d01e581c6718b4be7e6ee9109b05f15ff8cbca2aa0a4bd2987
                                                                            • Opcode Fuzzy Hash: df8fcecedf15b7d337e6de689bd1adaf3d7b429df5504a4ea029cad5b791571a
                                                                            • Instruction Fuzzy Hash: ED010432700527CBCB20AFBDDC848BF73B4EFA27607050624E96292195EB39E900C660
                                                                            APIs
                                                                              • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
                                                                              • Part of subcall function 007A3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 007A3CCA
                                                                            • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 007A1D4C
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Similarity
                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 624084870-1403004172
                                                                            • Opcode ID: 5d5631717e445543b230f9e07bc5974b7e2b06daaa1a3363fd2884be58a76e76
                                                                            • Instruction ID: c7807bd760a4a0fc90aaaca127921a1bd558ed3dae1d921fafd9cd236e250776
                                                                            • Opcode Fuzzy Hash: 5d5631717e445543b230f9e07bc5974b7e2b06daaa1a3363fd2884be58a76e76
                                                                            • Instruction Fuzzy Hash: B501B575741214ABDB04EBA4CC598FF7768FB87360F440B19B932673C1EB3859088671
                                                                            APIs
                                                                              • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
                                                                              • Part of subcall function 007A3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 007A3CCA
                                                                            • SendMessageW.USER32(?,00000180,00000000,?), ref: 007A1C46
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Similarity
                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 624084870-1403004172
                                                                            • Opcode ID: 19a8393855c41fe6e30087481530670d0f5b5f345638a5f9480cea107c54e460
                                                                            • Instruction ID: 7362d6c8825f423686980ac9d951a96ae4ba53277631ab4f2621f95aec554da5
                                                                            • Opcode Fuzzy Hash: 19a8393855c41fe6e30087481530670d0f5b5f345638a5f9480cea107c54e460
                                                                            • Instruction Fuzzy Hash: 8F01A775AC1104A6DB04EBA0CD659FF77A89B52360F540119B516772C2EB2C9E08C6B1
                                                                            APIs
                                                                              • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
                                                                              • Part of subcall function 007A3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 007A3CCA
                                                                            • SendMessageW.USER32(?,00000182,?,00000000), ref: 007A1CC8
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            Similarity
                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 624084870-1403004172
                                                                            • Opcode ID: ff148ffc9c1fa445536e5aaebf1be34f2189861eea2a4b0d4c7976c51c20b30d
                                                                            • Instruction ID: faca12215f2772ef2ba10cbaf0fc0f87d4a741d97e5bf5069ac1958174403607
                                                                            • Opcode Fuzzy Hash: ff148ffc9c1fa445536e5aaebf1be34f2189861eea2a4b0d4c7976c51c20b30d
                                                                            • Instruction Fuzzy Hash: EA01D675A81118A7DF04EBA4CE55AFF77ACAB52350F540115B912B32C2EB2C9F08C6B1
                                                                            APIs
                                                                              • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
                                                                              • Part of subcall function 007A3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 007A3CCA
                                                                            • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 007A1DD3
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 624084870-1403004172
                                                                            • Opcode ID: bc43fcd0e13ece312ea5cace18a810606a77790f2472971928d3efa970d4701f
                                                                            • Instruction ID: 9d43438049d60e7d3ee7c9bad4d2f69eca8fa7cda391dd2d798e1de31774da48
                                                                            • Opcode Fuzzy Hash: bc43fcd0e13ece312ea5cace18a810606a77790f2472971928d3efa970d4701f
                                                                            • Instruction Fuzzy Hash: E8F0A971B41214A6D704F7A4CD55AFF777CAB42350F440A15B532632C1DB68590886B0
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _wcslen
                                                                            • String ID: 3, 3, 16, 1
                                                                            • API String ID: 176396367-3042988571
                                                                            • Opcode ID: a689524278926202e18a02f667998b5aa124582683d6b475534856969a960db2
                                                                            • Instruction ID: 1d837d3a3d7390614c032b351bd5f123c3c71919941c3e16a7bcd6427b7075b1
                                                                            • Opcode Fuzzy Hash: a689524278926202e18a02f667998b5aa124582683d6b475534856969a960db2
                                                                            • Instruction Fuzzy Hash: EBE02B0264476064A23D12799CC5F7F578ADFC5750710182FFD82D2266EE9C9E91D3A0
                                                                            APIs
                                                                            • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 007A0B23
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Message
                                                                            • String ID: AutoIt$Error allocating memory.
                                                                            • API String ID: 2030045667-4017498283
                                                                            • Opcode ID: 75fb97045b283c7eb0109c65d496c6a2bc3bcd50dd7d3cc7b3476b8734adbde4
                                                                            • Instruction ID: 2f7294aff169c86f5df644dd808f185567ddfd31e6c170095983691fd524b4b9
                                                                            • Opcode Fuzzy Hash: 75fb97045b283c7eb0109c65d496c6a2bc3bcd50dd7d3cc7b3476b8734adbde4
                                                                            • Instruction Fuzzy Hash: 03E0D831344309A6D2153754BC07FC97B948F05B21F100427FB58955C38AEA285086F9
                                                                            APIs
                                                                              • Part of subcall function 0075F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00760D71,?,?,?,0074100A), ref: 0075F7CE
                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,0074100A), ref: 00760D75
                                                                            • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0074100A), ref: 00760D84
                                                                            Strings
                                                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00760D7F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                            • API String ID: 55579361-631824599
                                                                            • Opcode ID: f10e6c7fd90df753855fa5b2ac844ca4aa616ae3e54bc18496b3d58070efb570
                                                                            • Instruction ID: f7f406be1512178b2e2d38d468b21b67036c714fa25136b1ee27658c63a9fe0f
                                                                            • Opcode Fuzzy Hash: f10e6c7fd90df753855fa5b2ac844ca4aa616ae3e54bc18496b3d58070efb570
                                                                            • Instruction Fuzzy Hash: EFE039702003018BD3209FA8E8082427BF4BB04745F008A2EE882C6755DBBCE4448BE1
                                                                            APIs
                                                                            • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 007B302F
                                                                            • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 007B3044
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Temp$FileNamePath
                                                                            • String ID: aut
                                                                            • API String ID: 3285503233-3010740371
                                                                            • Opcode ID: 54bd75873cda700524cf30517e088289c031d96c9debde387c7128325e1fdc52
                                                                            • Instruction ID: 98d8bf34dde6ba7318b1230c56352e00062b5a892c234a571b30998bce8787ca
                                                                            • Opcode Fuzzy Hash: 54bd75873cda700524cf30517e088289c031d96c9debde387c7128325e1fdc52
                                                                            • Instruction Fuzzy Hash: 95D05B7150132467DA60A794AC0DFC73B7CEB04750F000252B655D60D1DAB4A544CAD4
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: LocalTime
                                                                            • String ID: %.3d$X64
                                                                            • API String ID: 481472006-1077770165
                                                                            • Opcode ID: 0b704af06219ca7469a08e49f63ed12218d77e1e1c2d8b88023cc251bbd7a7e6
                                                                            • Instruction ID: f97444d15e2826db3bc3c157ecc4d3b4efb3cef0be6f25c9ebd912a82c988033
                                                                            • Opcode Fuzzy Hash: 0b704af06219ca7469a08e49f63ed12218d77e1e1c2d8b88023cc251bbd7a7e6
                                                                            • Instruction Fuzzy Hash: 6AD062A5C09119E9CFB097E0ED499F9B37CFB18341F908452FD16D1180D66CDD48A761
                                                                            APIs
                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 007D236C
                                                                            • PostMessageW.USER32(00000000), ref: 007D2373
                                                                              • Part of subcall function 007AE97B: Sleep.KERNEL32 ref: 007AE9F3
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: FindMessagePostSleepWindow
                                                                            • String ID: Shell_TrayWnd
                                                                            • API String ID: 529655941-2988720461
                                                                            • Opcode ID: 23f9a23291813faf99d855216f2cea4b8ab13673096e46c2fc2b1ec69f77559b
                                                                            • Instruction ID: dd2b108683bae36aa1d6d813ad1bf194fe22831c56e7bb23bc9e887e070fb6fa
                                                                            • Opcode Fuzzy Hash: 23f9a23291813faf99d855216f2cea4b8ab13673096e46c2fc2b1ec69f77559b
                                                                            • Instruction Fuzzy Hash: D6D0C73138131176E56567709C0FFC676549745710F1086567655D51D0D9A8B411CA58
                                                                            APIs
                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 007D232C
                                                                            • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 007D233F
                                                                              • Part of subcall function 007AE97B: Sleep.KERNEL32 ref: 007AE9F3
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: FindMessagePostSleepWindow
                                                                            • String ID: Shell_TrayWnd
                                                                            • API String ID: 529655941-2988720461
                                                                            • Opcode ID: 545b6a392603a6e6da50acac71ab3d65b867d30759b022037a4421e1bd26d477
                                                                            • Instruction ID: c3012cab3873228710d7ab02e47d0d1f469e023e910d96f509d9067c7c156719
                                                                            • Opcode Fuzzy Hash: 545b6a392603a6e6da50acac71ab3d65b867d30759b022037a4421e1bd26d477
                                                                            • Instruction Fuzzy Hash: 8CD0C936395311B6EAA4A770AC0FFC67A68AB40B10F108A567656AA1D0D9A8A811CA58
                                                                            APIs
                                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 0077BE93
                                                                            • GetLastError.KERNEL32 ref: 0077BEA1
                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0077BEFC
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1652564797.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                            • Associated: 00000000.00000002.1652543946.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652612672.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652742267.000000000080C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1652767300.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_740000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide$ErrorLast
                                                                            • String ID:
                                                                            • API String ID: 1717984340-0
                                                                            • Opcode ID: b94c78de07722eab3fb33f515f268fa0f4e0d8e6e14f21fc0a22e2bac1957661
                                                                            • Instruction ID: 2846f67f3ba02a93eee46b92fd74493804d88b833b2ed448c8ab19fbc5c7d488
                                                                            • Opcode Fuzzy Hash: b94c78de07722eab3fb33f515f268fa0f4e0d8e6e14f21fc0a22e2bac1957661
                                                                            • Instruction Fuzzy Hash: C641F635601216EFCF218FA4CC94BBA7BA4EF41B90F14C16AF95D972A1DB388D00CB51

                                                                            Execution Graph

                                                                            Execution Coverage:0.3%
                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                            Signature Coverage:100%
                                                                            Total number of Nodes:6
                                                                            Total number of Limit Nodes:0
                                                                            execution_graph 5001 1f6a62092b7 5002 1f6a62092c7 NtQuerySystemInformation 5001->5002 5003 1f6a6209264 5002->5003 5004 1f6a6226a72 5005 1f6a6226ac9 NtQuerySystemInformation 5004->5005 5006 1f6a6224e44 5004->5006 5005->5006

                                                                            Callgraph

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000011.00000002.2909287363.000001F6A6224000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001F6A6224000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_17_2_1f6a6224000_firefox.jbxd
                                                                            Similarity
                                                                            • API ID: InformationQuerySystem
                                                                            • String ID: #$#$#$4$>$>$>$A$z$z
                                                                            • API String ID: 3562636166-3072146587
                                                                            • Opcode ID: a7beeb6ed6d4bd1c13836e24e4a4bf8602c8d7752103ee20adf8d6ea9f6b849f
                                                                            • Instruction ID: 294ff8282f941b4d20d23396f4c38e58322353e8e55356d97cddf3a6c2a0abcd
                                                                            • Opcode Fuzzy Hash: a7beeb6ed6d4bd1c13836e24e4a4bf8602c8d7752103ee20adf8d6ea9f6b849f
                                                                            • Instruction Fuzzy Hash: 93A3D471628A498BDB2EDF28CC856F973E5FB98300F14427ED84AD7255DF35EA028781