Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1504582
MD5: defd39769340947b16036d0ce301eacd
SHA1: 4d4e3d6e99f2598237cc0560b0b7666e7d16ad43
SHA256: fc45559d6a3f6dda0bf13bccfcd0a287a1a51463d182f8318eb3e93a0f3a25fc
Tags: exe
Infos:

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Maps a DLL or memory area into another process
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 7624 cmdline: "C:\Users\user\Desktop\file.exe" MD5: DEFD39769340947B16036D0CE301EACD)
    • msedge.exe (PID: 7664 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 7976 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1976,i,14014795037876426024,10836823907015113574,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • firefox.exe (PID: 7684 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 7856 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 7888 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8976 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2312 -parentBuildID 20230927232528 -prefsHandle 2256 -prefMapHandle 2248 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1c8e9b1-f66c-434b-8c3c-c115c545f02b} 7888 "\\.\pipe\gecko-crash-server-pipe.7888" 18ba2a6e510 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 9508 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4296 -parentBuildID 20230927232528 -prefsHandle 3864 -prefMapHandle 4288 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4abacea7-2677-4079-adfd-c5f883d9b5e1} 7888 "\\.\pipe\gecko-crash-server-pipe.7888" 18bb4bdf610 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • msedge.exe (PID: 8044 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 4828 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3996 --field-trial-handle=3772,i,9797526551617955051,17894513503889798475,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8748 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6364 --field-trial-handle=3772,i,9797526551617955051,17894513503889798475,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8764 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6440 --field-trial-handle=3772,i,9797526551617955051,17894513503889798475,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • identity_helper.exe (PID: 8220 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6972 --field-trial-handle=3772,i,9797526551617955051,17894513503889798475,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • identity_helper.exe (PID: 8640 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6972 --field-trial-handle=3772,i,9797526551617955051,17894513503889798475,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • msedge.exe (PID: 8028 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6724 --field-trial-handle=3772,i,9797526551617955051,17894513503889798475,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 10192 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8728 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=2096,i,1085199010807938002,11552670726685906532,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 8644 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9960 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2300 --field-trial-handle=2024,i,17758655322861619230,17304176494538820635,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: file.exeVirustotal: Detection: 26%
Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
Source: file.exeJoe Sandbox ML: detected
Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:61476 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:61483 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:61484 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.222.236.80:443 -> 192.168.2.4:61485 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:61487 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:61489 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:61490 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:61492 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:61497 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:61496 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:61498 version: TLS 1.2
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000005.00000003.2046134547.0000018BB2E00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000005.00000003.2046134547.0000018BB2E00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0053DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0053DBBE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005468EE FindFirstFileW,FindClose,0_2_005468EE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0054698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0054698F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0053D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0053D076
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0053D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0053D3A9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00549642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00549642
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0054979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0054979D
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00549B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00549B2B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00545C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00545C97
Source: firefox.exeMemory has grown: Private usage: 1MB later: 95MB
Source: global trafficTCP traffic: 192.168.2.4:61452 -> 1.1.1.1:53
Source: Joe Sandbox ViewIP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox ViewIP Address: 152.195.19.97 152.195.19.97
Source: Joe Sandbox ViewIP Address: 13.107.246.60 13.107.246.60
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox ViewJA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.206
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.81.228
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0054CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_0054CE44
Source: global trafficHTTP traffic detected: GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ArbitrationServiceSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1726099078&P2=404&P3=2&P4=mmJBR9cEvRv%2f3dkzLfTY3JBrKTtSCKsmh%2bfH2F4V2YcYQ5muL0qM7bYaP6XrLCMuKow7v71EJCTUrk1a2md64g%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: nWefcn5wXhtkjHvrl3By++Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.2045.47"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=VS9nhum5WpCXfS4&MD=GPPX+CVv HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=VS9nhum5WpCXfS4&MD=GPPX+CVv HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: firefox.exe, 00000005.00000003.2006408669.0000018BAF94C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1807079146.0000018BAF95E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2043578920.0000018BAF94C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2006408669.0000018BAF94C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1807079146.0000018BAF95E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2043578920.0000018BAF94C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.1803889436.0000018BB31D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2103683486.0000018BB3178000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1803889436.0000018BB3176000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: global trafficDNS traffic detected: DNS query: bzib.nelreports.net
Source: global trafficDNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global trafficDNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global trafficDNS traffic detected: DNS query: detectportal.firefox.com
Source: global trafficDNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: example.org
Source: global trafficDNS traffic detected: DNS query: ipv4only.arpa
Source: global trafficDNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: services.addons.mozilla.org
Source: global trafficDNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: unknownHTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message
Source: firefox.exe, 00000005.00000003.2006408669.0000018BAF94C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1807079146.0000018BAF95E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2043578920.0000018BAF94C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2354269584.0000018BAE2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2007363804.0000018BAE2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1848704526.0000018BAE2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2104335515.0000018BAE2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2884278149.0000027FA4ACA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2888189336.000001E6D7103000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: Reporting and NEL.7.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/AccountsSignInUi
Source: Reporting and NEL.7.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/apps-themes
Source: Reporting and NEL.7.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers
Source: Reporting and NEL.7.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/static-on-bigtable
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 00000005.00000003.1749396261.0000018BB4896000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc
Source: firefox.exe, 00000005.00000003.1749396261.0000018BB4896000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
Source: firefox.exe, 00000005.00000003.1749396261.0000018BB4896000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureElementReleaseCaptureWarning
Source: firefox.exe, 00000005.00000003.1749396261.0000018BB4896000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#EncryptionPreventDefaultFromP
Source: firefox.exe, 00000005.00000003.1848555894.0000018BAE3C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: manifest.json0.7.drString found in binary or memory: https://docs.google.com/
Source: manifest.json0.7.drString found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json0.7.drString found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json0.7.drString found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json0.7.drString found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json0.7.drString found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json0.7.drString found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json0.7.drString found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json0.7.drString found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json0.7.drString found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json0.7.drString found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json0.7.drString found in binary or memory: https://drive.google.com/
Source: firefox.exe, 00000005.00000003.1704938310.0000018BB2757000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2034796801.0000018BB3176000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1704505379.0000018BB272C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1704379046.0000018BB2717000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1803889436.0000018BB3176000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2327682911.0000018BB3176000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1704109804.0000018BB2500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1704650396.0000018BB2741000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2353919076.0000018BB3176000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1705100867.0000018BB276C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1705221882.0000018BB2781000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
Source: Web Data.7.drString found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Web Data.7.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Web Data.7.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: firefox.exe, 00000005.00000003.2040441373.0000018BB0C93000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1707743927.0000018BB0533000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2045816080.0000018BB0534000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1798076411.0000018BB0539000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1790057701.0000018BB0538000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2005972163.0000018BB0C93000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1706812568.0000018BB051F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1706402926.0000018BB0533000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1806568039.0000018BB0C93000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000005.00000003.2354564144.0000018BAE255000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
Source: firefox.exe, 00000005.00000003.2354564144.0000018BAE255000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
Source: 000003.log.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log0.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: HubApps Icons.7.dr, 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_hc.png/1.0.3/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_light.png/1.0.3/asse
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: HubApps Icons.7.dr, 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: HubApps Icons.7.dr, 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_help.png/1.0.0/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 000003.log.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_dark.png/1.1.0/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_hc.png/1.1.0/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_light.png/1.1.0/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: HubApps Icons.7.dr, 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_hc.png/1.1.0/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_light.png/1.1.0/asse
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_hc.png/1.1.3/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_dark.png/1.1.3/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_light.png/1.1.3/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: HubApps Icons.7.dr, 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
Source: HubApps Icons.7.dr, 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_dark.png/1.3.20/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_hc.png/1.3.20/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_light.png/1.3.20/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_dark.png/1.2.19/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_hc.png/1.2.19/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_light.png/1.2.19/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_hc.png/1.0.5/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_dark.png/1.0.5/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_light.png/1.0.5/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tik_tok_light.png/1.0.5/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
Source: HubApps Icons.7.dr, 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 00000005.00000003.1805828309.0000018BB50EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1846616333.0000018BB50F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1794139338.0000018BB50EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 00000005.00000003.1792882808.0000018BB5353000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2039936607.0000018BB292F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: firefox.exe, 00000005.00000003.1749396261.0000018BB4896000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFoundT
Source: firefox.exe, 00000005.00000003.1749396261.0000018BB4896000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeededTo
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://tidal.com/
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 00000005.00000003.1749396261.0000018BB4896000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
Source: firefox.exe, 00000005.00000003.1749396261.0000018BB4896000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
Source: firefox.exe, 00000005.00000003.1749396261.0000018BB4896000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
Source: firefox.exe, 00000005.00000003.1749396261.0000018BB4896000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 00000005.00000003.1848555894.0000018BAE3E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 00000005.00000003.2006408669.0000018BAF94C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1807079146.0000018BAF95E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2043578920.0000018BAF94C000.00000004.00000800.00020000.00000000.sdmp, 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://twitter.com/
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://vibe.naver.com/today
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://web.telegram.org/
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://web.whatsapp.com
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: firefox.exe, 00000005.00000003.2006408669.0000018BAF94C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1807079146.0000018BAF95E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2043578920.0000018BAF94C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2354269584.0000018BAE2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2007363804.0000018BAE2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1848704526.0000018BAE2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2104335515.0000018BAE2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2884278149.0000027FA4ACA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2888189336.000001E6D7103000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: firefox.exe, 00000005.00000003.1704938310.0000018BB2757000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1704505379.0000018BB272C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1704379046.0000018BB2717000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1805130975.0000018BB25C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1704109804.0000018BB2500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1704650396.0000018BB2741000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1705100867.0000018BB276C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1705221882.0000018BB2781000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 00000005.00000003.1848405186.0000018BAF951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.de/
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://www.deezer.com/
Source: firefox.exe, 00000005.00000003.2046134547.0000018BB2E00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drString found in binary or memory: https://www.digicert.com/CPS0
Source: firefox.exe, 00000005.00000003.2006408669.0000018BAF94C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1807079146.0000018BAF95E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2043578920.0000018BAF94C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2354269584.0000018BAE2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2007363804.0000018BAE2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1848704526.0000018BAE2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2104335515.0000018BAE2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2884278149.0000027FA4ACA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2888189336.000001E6D7103000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: 08fa6231-2709-480b-ae6e-8087f5e32e45.tmp.8.drString found in binary or memory: https://www.google.com
Source: content_new.js.7.dr, content.js.7.drString found in binary or memory: https://www.google.com/chrome
Source: firefox.exe, 00000005.00000003.1704938310.0000018BB2757000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1704505379.0000018BB272C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1704379046.0000018BB2717000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1704109804.0000018BB2500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1704650396.0000018BB2741000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1705100867.0000018BB276C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1705221882.0000018BB2781000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: Web Data.7.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: firefox.exe, 00000005.00000003.1704938310.0000018BB2757000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1704505379.0000018BB272C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1704379046.0000018BB2717000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1805130975.0000018BB25C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1704109804.0000018BB2500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1704650396.0000018BB2741000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1705100867.0000018BB276C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1705221882.0000018BB2781000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
Source: 08fa6231-2709-480b-ae6e-8087f5e32e45.tmp.8.drString found in binary or memory: https://www.googleapis.com
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: 08fa6231-2709-480b-ae6e-8087f5e32e45.tmp.8.drString found in binary or memory: https://www.gstatic.com
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://www.iheart.com/podcast/
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://www.instagram.com
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://www.last.fm/
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://www.messenger.com
Source: firefox.exe, 00000005.00000003.2043578920.0000018BAF94C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2043578920.0000018BAF922000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2006408669.0000018BAF922000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2043206745.0000018BAF9EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 00000005.00000003.2354564144.0000018BAE25E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2104618564.0000018BAE25E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1848968229.0000018BAE25E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2884278149.0000027FA4ACA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2884250645.000001E6D68BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 0000000D.00000002.2887102466.0000027FA4B80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2883760456.000001E6D6680000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000005.00000003.2262091656.000000E892280000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1805176188.0000018BB25B1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1791644478.0000018BB5D6A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://www.office.com
Source: Top Sites.7.drString found in binary or memory: https://www.office.com/
Source: Top Sites.7.drString found in binary or memory: https://www.office.com/Office
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
Source: firefox.exe, 00000005.00000003.1848555894.0000018BAE3DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.openh264.org/
Source: firefox.exe, 00000005.00000003.2006408669.0000018BAF94C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1807079146.0000018BAF95E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2043578920.0000018BAF94C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://www.tiktok.com/
Source: firefox.exe, 00000005.00000003.2262091656.000000E892280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tsn.ca
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://www.youtube.com
Source: firefox.exe, 00000005.00000003.2006408669.0000018BAF94C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1807079146.0000018BAF95E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2043578920.0000018BAF94C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 00000005.00000003.1749396261.0000018BB4896000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
Source: 66690437-521f-4450-b48d-ace99c02e40d.tmp.7.drString found in binary or memory: https://y.music.163.com/m/
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:61476 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:61483 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:61484 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.222.236.80:443 -> 192.168.2.4:61485 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:61487 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:61489 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:61490 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:61492 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:61497 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:61496 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:61498 version: TLS 1.2
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0054EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0054ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0053AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00569576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

System Summary

Source: file.exe | String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script.
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 16_2_000001E6D69D3A77 NtQuerySystemInformation
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 16_2_000001E6D6FA5672 NtQuerySystemInformation
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0053D5EB: CreateFileW,DeviceIoControl,CloseHandle
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00531201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0053E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
Source: C:\Users\user\Desktop\file.exe | Code function: String function: 004EF9F2 appears 31 times
Source: C:\Users\user\Desktop\file.exe | Code function: String function: 004F0A30 appears 46 times
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: firefox.exe, 00000005.00000003.2326194789.0000018BAB6F2000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Colonna MT"! trademark of The Monotype Corporation plc.slntz
Source: classification engine | Classification label: mal68.evad.winEXE@72/339@32/21
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_005437B5 GetLastError,FormatMessageW
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_005310BF AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_005316C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_005451CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0053D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0054648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004D42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | File created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66D8F3FF-1DF0.pma
Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Local\Temp\firefox
Source: file.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exe | File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\file.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Login Data.7.dr | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe | Virustotal: Detection: 26%
Source: unknown | Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: unknown | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1976,i,14014795037876426024,10836823907015113574,262144 /prefetch:3
Source: unknown | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3996 --field-trial-handle=3772,i,9797526551617955051,17894513503889798475,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6364 --field-trial-handle=3772,i,9797526551617955051,17894513503889798475,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6440 --field-trial-handle=3772,i,9797526551617955051,17894513503889798475,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2312 -parentBuildID 20230927232528 -prefsHandle 2256 -prefMapHandle 2248 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1c8e9b1-f66c-434b-8c3c-c115c545f02b} 7888 "\\.\pipe\gecko-crash-server-pipe.7888" 18ba2a6e510 socket
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6972 --field-trial-handle=3772,i,9797526551617955051,17894513503889798475,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4296 -parentBuildID 20230927232528 -prefsHandle 3864 -prefMapHandle 4288 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4abacea7-2677-4079-adfd-c5f883d9b5e1} 7888 "\\.\pipe\gecko-crash-server-pipe.7888" 18bb4bdf610 rdd
Source: unknown | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=2096,i,1085199010807938002,11552670726685906532,262144 /prefetch:3
Source: unknown | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2300 --field-trial-handle=2024,i,17758655322861619230,17304176494538820635,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6724 --field-trial-handle=3772,i,9797526551617955051,17894513503889798475,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe Section loaded: wsock32.dll, version.dll, winmm.dll, mpr.dll, wininet.dll, iphlpapi.dll, userenv.dll, uxtheme.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, propsys.dll, profapi.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, pcacli.dll, sfc_os.dll
Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000005.00000003.2046134547.0000018BB2E00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000005.00000003.2046134547.0000018BB2E00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_004D42DE
Source: gmpopenh264.dll.tmp.5.drStatic PE information: section name: .rodata
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004F0A76 push ecx; ret 0_2_004F0A89
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmpJump to dropped file
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)Jump to dropped file
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868Jump to behavior
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004EF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_004EF98E
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00561C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00561C41
Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_0-95226
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_000001E6D69D3A77 rdtsc 16_2_000001E6D69D3A77
Source: C:\Users\user\Desktop\file.exeAPI coverage: 3.3 %
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0053DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0053DBBE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005468EE FindFirstFileW,FindClose,0_2_005468EE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0054698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0054698F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0053D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0053D076
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0053D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0053D3A9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00549642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00549642
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0054979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0054979D
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00549B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00549B2B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00545C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00545C97
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_004D42DE
Source: firefox.exe, 0000000D.00000002.2883446663.0000027FA473A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2888245526.0000027FA5040000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2886503490.000001E6D6D80000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2883162055.000001E6D65BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: firefox.exe, 00000005.00000003.1848555894.0000018BAE3C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2887316142.0000027FA4C1B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: firefox.exe, 00000010.00000002.2886503490.000001E6D6D80000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW'
Source: firefox.exe, 00000010.00000002.2886503490.000001E6D6D80000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll^
Source: firefox.exe, 0000000D.00000002.2883446663.0000027FA473A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll#
Source: firefox.exe, 0000000D.00000002.2888245526.0000027FA5040000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_000001E6D69D3A77 rdtsc 16_2_000001E6D69D3A77
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0054EAA2 BlockInput,0_2_0054EAA2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00502622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00502622
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_004D42DE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004F4CE8 mov eax, dword ptr fs:[00000030h]0_2_004F4CE8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00530B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00530B62
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00502622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00502622
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004F083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_004F083F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004F09D5 SetUnhandledExceptionFilter,0_2_004F09D5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004F0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_004F0C21

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeSection loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe protection: readonlyJump to behavior
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00531201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00531201
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00512BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00512BA5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0053B226 SendInput,keybd_event,0_2_0053B226
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005522DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_005522DA
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00530B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00530B62
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00531663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00531663
Source: file.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exeBinary or memory string: Shell_TrayWnd
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004F0698 cpuid 0_2_004F0698
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00548195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_00548195
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0052D27A GetUserNameW,0_2_0052D27A
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0050BB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_0050BB6F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_004D42DE
Source: file.exeBinary or memory string: WIN_81
Source: file.exeBinary or memory string: WIN_XP
Source: file.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exeBinary or memory string: WIN_XPe
Source: file.exeBinary or memory string: WIN_VISTA
Source: file.exeBinary or memory string: WIN_7
Source: file.exeBinary or memory string: WIN_8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00551204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00551204
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00551806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00551806
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 15 System Information Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 131 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 112 Process Injection | 1 Masquerading | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | 1 Registry Run Keys / Startup Folder | 2 Valid Accounts | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 112 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
[Behavior graph: ID 1504582, sample file.exe, start date 05/09/2024, architecture WINDOWS, score 68]

Source | Detection | Scanner | Label | Link
file.exe | 27% | Virustotal | | Browse
file.exe | 100% | Joe Sandbox ML | |
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
No Antivirus matches
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
IPDomainCountryFlagASNASN NameMalicious
13.107.246.40
unknownUnited States
8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
152.195.19.97
unknownUnited States
15133EDGECASTUSfalse
142.251.40.206
unknownUnited States
15169GOOGLEUSfalse
13.107.246.60
s-part-0032.t-0009.t-msedge.netUnited States
8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
23.219.161.132
unknownUnited States
20940AKAMAI-ASN1EUfalse
162.159.61.3
chrome.cloudflare-dns.comUnited States
13335CLOUDFLARENETUSfalse
172.64.41.3
unknownUnited States
13335CLOUDFLARENETUSfalse
34.120.208.123
telemetry-incoming.r53-2.services.mozilla.comUnited States
15169GOOGLEUSfalse
104.126.116.26
unknownUnited States
20940AKAMAI-ASN1EUfalse
34.149.100.209
prod.remote-settings.prod.webservices.mozgcp.netUnited States
2686ATGS-MMD-ASUSfalse
216.58.206.65
googlehosted.l.googleusercontent.comUnited States
15169GOOGLEUSfalse
52.222.236.80
services.addons.mozilla.orgUnited States
16509AMAZON-02USfalse
142.251.40.234
unknownUnited States
15169GOOGLEUSfalse
34.107.221.82
prod.detectportal.prod.cloudops.mozgcp.netUnited States
15169GOOGLEUSfalse
142.250.81.228
unknownUnited States
15169GOOGLEUSfalse
35.244.181.201
prod.balrog.prod.cloudops.mozgcp.netUnited States
15169GOOGLEUSfalse
142.251.167.84
unknownUnited States
15169GOOGLEUSfalse
239.255.255.250
unknownReserved
unknownunknownfalse
35.190.72.216
prod.classify-client.prod.webservices.mozgcp.netUnited States
15169GOOGLEUSfalse
IP
192.168.2.4
127.0.0.1
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1504582
Start date and time:2024-09-05 01:57:03 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 7m 41s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:26
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:file.exe
Detection:MAL
Classification:mal68.evad.winEXE@72/339@32/21
EGA Information:
  • Successful, ratio: 66.7%
HCA Information:
  • Successful, ratio: 96%
  • Number of executed functions: 36
  • Number of non-executed functions: 315
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 13.107.42.16, 64.233.167.84, 204.79.197.239, 13.107.21.239, 142.250.184.206, 13.107.6.158, 2.19.126.145, 2.19.126.152, 216.58.212.163, 204.79.197.200, 13.107.21.200, 216.58.206.35, 20.103.156.88, 93.184.221.240, 192.229.221.95, 142.250.186.142, 2.18.121.79, 2.18.121.73, 142.251.40.99, 142.251.35.163, 142.250.80.99
  • Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, ciscobinary.openh264.org, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, incoming.telemetry.mozilla.org, edgeassetservice.afd.azureedge.net, a17.rackcdn.com.mdc.edgesuite.net, aus5.mozilla.org, arc.msn.com, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, a19.dscg10.akamai.net, iris-de-prod-azsc-v2-weu.westeurope.cloudapp.azure.com, clients2.google.com, cn-bing-com.cn.a-0001.a-msedge.net, ocsp.digicert.com, www.bing.com.edgekey.net, redirector.gvt1.com, config-edge-skype.l-0007.l-msedge.net, msedge.b.tlu.dl.delivery.mp.microsoft.com, arc.trafficmanager.net, www.gstatic.com, l-0007.l-msedge.net, config.edge.skype.com, www.bing.com, edge-microsoft-com.dual-a-0036.a-msedge.net, a-0001.a-msedge.net, fs.microsoft.com, accounts.google.com, bzib.nelreports.net.akamaized.net, fonts.gstatic.com, wildcardtlu-ssl.ec.azureedge.net, ctldl.windowsupdate.com, b-0005.b-msedge.net, d
  • Not all processes where analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtOpenFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtWriteVirtualMemory calls found.
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
TimeTypeDescription
00:58:02AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
00:58:10AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
13.107.246.40Payment Transfer Receipt.shtmlGet hashmaliciousHTMLPhisherBrowse
  • www.aib.gov.uk/
NEW ORDER.xlsGet hashmaliciousUnknownBrowse
  • 2s.gg/3zs
PO_OCF 408.xlsGet hashmaliciousUnknownBrowse
  • 2s.gg/42Q
06836722_218 Aluplast.docx.docGet hashmaliciousUnknownBrowse
  • 2s.gg/3zk
Quotation.xlsGet hashmaliciousUnknownBrowse
  • 2s.gg/3zM
152.195.19.97http://ustteam.com/Get hashmaliciousUnknownBrowse
  • www.ust.com/
13.107.246.60https://protect-us.mimecast.com/s/wFHoCqxrAnt7V914iZaD1vGet hashmaliciousUnknownBrowse
  • www.mimecast.com/Customers/Support/Contact-support/
http://wellsfargo.dealogic.com/clientportal/Conferences/Registration/Form/368?menuItemId=5Get hashmaliciousUnknownBrowse
  • wellsfargo.dealogic.com/clientportal/Conferences/Registration/Form/368?menuItemId=5
MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
chrome.cloudflare-dns.comfile.exeGet hashmaliciousUnknownBrowse
  • 162.159.61.3
file.exeGet hashmaliciousUnknownBrowse
  • 172.64.41.3
file.exeGet hashmaliciousUnknownBrowse
  • 162.159.61.3
file.exeGet hashmaliciousCoinhive, XmrigBrowse
  • 162.159.61.3
OmteV2.exeGet hashmaliciousLummaC StealerBrowse
  • 162.159.61.3
file.exeGet hashmaliciousUnknownBrowse
  • 172.64.41.3
file.exeGet hashmaliciousUnknownBrowse
  • 172.64.41.3
file.exeGet hashmaliciousUnknownBrowse
  • 172.64.41.3
file.exeGet hashmaliciousUnknownBrowse
  • 172.64.41.3
file.exeGet hashmaliciousUnknownBrowse
  • 172.64.41.3
example.orgfile.exeGet hashmaliciousUnknownBrowse
  • 93.184.215.14
file.exeGet hashmaliciousUnknownBrowse
  • 93.184.215.14
file.exeGet hashmaliciousUnknownBrowse
  • 93.184.215.14
file.exeGet hashmaliciousCoinhive, XmrigBrowse
  • 93.184.215.14
https://onedrive.live.com/view.aspx?resid=7AEF24C2ECCBD3A%21123&authkey=!ABehDrl0wDeSrDgGet hashmaliciousUnknownBrowse
  • 93.184.215.14
file.exeGet hashmaliciousUnknownBrowse
  • 93.184.215.14
file.exeGet hashmaliciousUnknownBrowse
  • 93.184.215.14
file.exeGet hashmaliciousUnknownBrowse
  • 93.184.215.14
file.exeGet hashmaliciousUnknownBrowse
  • 93.184.215.14
file.exeGet hashmaliciousUnknownBrowse
  • 93.184.215.14
services.addons.mozilla.orgfile.exeGet hashmaliciousUnknownBrowse
  • 52.222.236.120
file.exeGet hashmaliciousUnknownBrowse
  • 52.222.236.80
file.exeGet hashmaliciousUnknownBrowse
  • 52.222.236.120
file.exeGet hashmaliciousCoinhive, XmrigBrowse
  • 18.65.39.85
https://onedrive.live.com/view.aspx?resid=7AEF24C2ECCBD3A%21123&authkey=!ABehDrl0wDeSrDgGet hashmaliciousUnknownBrowse
  • 3.164.68.65
file.exeGet hashmaliciousUnknownBrowse
  • 18.65.39.4
file.exeGet hashmaliciousUnknownBrowse
  • 18.65.39.112
file.exeGet hashmaliciousUnknownBrowse
  • 52.222.236.80
file.exeGet hashmaliciousUnknownBrowse
  • 52.222.236.23
file.exeGet hashmaliciousUnknownBrowse
  • 18.65.39.85
ipv4only.arpafile.exeGet hashmaliciousUnknownBrowse
  • 192.0.0.170
file.exeGet hashmaliciousUnknownBrowse
  • 192.0.0.171
file.exeGet hashmaliciousUnknownBrowse
  • 192.0.0.170
file.exeGet hashmaliciousCoinhive, XmrigBrowse
  • 192.0.0.171
https://onedrive.live.com/view.aspx?resid=7AEF24C2ECCBD3A%21123&authkey=!ABehDrl0wDeSrDgGet hashmaliciousUnknownBrowse
  • 192.0.0.171
file.exeGet hashmaliciousUnknownBrowse
  • 192.0.0.171
file.exeGet hashmaliciousUnknownBrowse
  • 192.0.0.170
file.exeGet hashmaliciousUnknownBrowse
  • 192.0.0.171
file.exeGet hashmaliciousUnknownBrowse
  • 192.0.0.171
SecuriteInfo.com.Trojan-Downloader.Win32.Agent.xycwio.1244.6578.exeGet hashmaliciousCoinhiveBrowse
  • 192.0.0.170
MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
MICROSOFT-CORP-MSN-AS-BLOCKUShttps://docsend.com/view/s/g9wy7hdqt2mwawpcGet hashmaliciousUnknownBrowse
  • 150.171.27.10
file.exeGet hashmaliciousUnknownBrowse
  • 13.107.246.60
RANGLANDLAW.xlsxGet hashmaliciousUnknownBrowse
  • 13.107.246.64
RANGLANDLAW.xlsxGet hashmaliciousUnknownBrowse
  • 20.157.217.118
https://5i4wgquoff3p4vcs4b2x3vrkqs4tqpgqetvwkictl2hqbggqideq.ar-io.dev/6jljQo4pdv5UUuB1fdYqhLk4PNAk62UgU16PAJjQQMkGet hashmaliciousHTMLPhisherBrowse
  • 13.107.246.60
https://ecom.bio/88bmwbm?gad_source=1&gclid=Cj0KCQjwiuC2BhDSARIsALOVfBJ293HpuZvtJvhD8kPzmEW6CdE9kLYMBSVdTvNfgfsL__VlxT7t4s4aAiVuEALw_wcBGet hashmaliciousUnknownBrowse
  • 13.107.246.45
http://bt-102116.weeblysite.com/Get hashmaliciousUnknownBrowse
  • 150.171.28.10
http://bt-105131.weeblysite.com/Get hashmaliciousHTMLPhisherBrowse
  • 150.171.27.10
file.exeGet hashmaliciousUnknownBrowse
  • 20.99.186.246
https://marinecontractinggp-my.sharepoint.com/:b:/g/personal/jshackelford_mcgfl_com/EZrN_hSH8PpKo7tTMm6-GnkBBkgUOZH1SsWQmUOOafRHtw?e=aP38gD&xsdata=MDV8MDJ8V2lsbC5XaWxleUBOYXZpc3Rhci5jb218YzgyNTFlNGQ3MTE2NDJhY2NjNTUwOGRjY2JlYjJmNTN8YjVhOTIwZDY3ZDNjNDRmZWJhYWQ0ZmZlZDZiODc3NGR8MHwwfDYzODYwOTQ1ODE4Mzk4Njg5NXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=TTdFaFlXTXRmNEZwMThmUEN5V0ZBZG1NQmRWVVZpcEJRT01ocWtMOHFEWT0%3dGet hashmaliciousUnknownBrowse
  • 52.107.225.8
AKAMAI-ASN1EUfile.exeGet hashmaliciousUnknownBrowse
  • 23.219.82.82
file.exeGet hashmaliciousUnknownBrowse
  • 23.59.250.10
file.exeGet hashmaliciousUnknownBrowse
  • 23.219.161.132
https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:626535c6-68da-4729-b016-6e974989fb70Get hashmaliciousLummaC StealerBrowse
  • 2.16.164.57
https://acrobat.adobe.com/id/urn:aaid:sc:US:4a1d4a71-0ecb-4b97-81ac-6d37886bcc89Get hashmaliciousLummaC StealerBrowse
  • 2.16.241.12
https://acrobat.adobe.com/id/urn:aaid:sc:US:6b473b2a-bd40-4154-8733-c1bbca42e1c1Get hashmaliciousLummaC StealerBrowse
  • 2.16.238.149
file.exeGet hashmaliciousCoinhive, XmrigBrowse
  • 23.59.250.122
Employee Appraisal Egrazak Hilcorp Agreement Signature Required.pdfGet hashmaliciousUnknownBrowse
  • 2.16.241.15
https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6InN2ZXJiZXJuZUBod2xvY2huZXIuY29tIiwicmVxdWVzdElkIjoiNzgwMDFlMWUtY2NmYy00M2ZhLTQxYmItMjk2M2EyNGZhMWVmIiwibGluayI6Imh0dHBzOi8vYWNyb2JhdC5hZG9iZS5jb20vaWQvdXJuOmFhaWQ6c2M6VVM6OTk1YjVjZmEtMGYyZC00ZTljLTgwOWYtYzc5YzUxN2RlNjFkIiwibGFiZWwiOiIxMiIsImxvY2FsZSI6ImVuX1VTIn0.0EWW2z_mxehDkMMQ98vMToXInjMXe5XMr7nBZXvNhumnuPscVlD99QQVhtOQEqMfyqFH2INPck0-ahuKra8sJgGet hashmaliciousLummaC StealerBrowse
  • 2.16.241.6
https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:d45888c7-1c94-44ce-be0c-a501f747fb8cGet hashmaliciousLummaC StealerBrowse
  • 2.16.164.57
EDGECASTUSfile.exeGet hashmaliciousUnknownBrowse
  • 152.195.19.97
https://5i4wgquoff3p4vcs4b2x3vrkqs4tqpgqetvwkictl2hqbggqideq.ar-io.dev/6jljQo4pdv5UUuB1fdYqhLk4PNAk62UgU16PAJjQQMkGet hashmaliciousHTMLPhisherBrowse
  • 152.199.21.175
file.exeGet hashmaliciousUnknownBrowse
  • 152.195.19.97
Igmbio REMITTANCE.htmGet hashmaliciousHTMLPhisherBrowse
  • 152.199.21.175
https://d17vgkthg9sa6w.cloudfront.net/#Y8~zYXBvdGhAaGFycmlzd2lsbGlhbXMuY29tGet hashmaliciousHTMLPhisherBrowse
  • 152.199.21.175
file.exeGet hashmaliciousUnknownBrowse
  • 152.195.19.97
Play_VM-NowCLQD.htmlGet hashmaliciousHTMLPhisherBrowse
  • 152.199.21.175
https://tiangco.com/?tgc=dGVzdEB0aWFuZ2NvLmNvbS3igJxUZXN0IFVzZXI=Get hashmaliciousHTMLPhisherBrowse
  • 152.199.21.175
file.exeGet hashmaliciousCoinhive, XmrigBrowse
  • 152.195.19.97
Employee Appraisal Egrazak Hilcorp Agreement Signature Required.pdfGet hashmaliciousUnknownBrowse
  • 93.184.221.240
MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
28a2c9bd18a11de089ef85a160da29e4https://email.dependent.best/maintenance.html?book=py.kim@hdel.co.krGet hashmaliciousUnknownBrowse
  • 52.165.165.26
  • 184.28.90.27
https://docsend.com/view/s/g9wy7hdqt2mwawpcGet hashmaliciousUnknownBrowse
  • 52.165.165.26
  • 184.28.90.27
file.exeGet hashmaliciousUnknownBrowse
  • 52.165.165.26
  • 184.28.90.27
https://eu-central-1.protection.sophos.com/?d=weebly.com&u=aHR0cHM6Ly9idWxicm9va2ZpbGVkb3oud2VlYmx5LmNvbS8=&p=m&i=NWNiN2ZlZTg4MWQzYmMxNDQ2YTllNTVm&t=TEpQaDVNQk1PSmR6b09Tb3JxcVBPdU9Kdm5HTTNBQk1ZbmlDVWxWRGR4ST0=&h=1d98e9d15fec47ef8295d66fbe7597da&s=AVNPUEhUT0NFTkNSWVBUSVaKV6UGs1hvgp7Zj_6IpL5DgIeaqZA_38MjqkbKYS5u6wGet hashmaliciousHTMLPhisherBrowse
  • 52.165.165.26
  • 184.28.90.27
RANGLANDLAW.xlsxGet hashmaliciousUnknownBrowse
  • 52.165.165.26
  • 184.28.90.27
http://warinice.ac.th/h/d/Get hashmaliciousUnknownBrowse
  • 52.165.165.26
  • 184.28.90.27
http://warinice.ac.th/h/d/paiement.phpGet hashmaliciousUnknownBrowse
  • 52.165.165.26
  • 184.28.90.27
http://mentmaskloegionn.gitbook.io/us/Get hashmaliciousUnknownBrowse
  • 52.165.165.26
  • 184.28.90.27
https://anoopmp9645.github.io/netflix.cloneGet hashmaliciousHTMLPhisherBrowse
  • 52.165.165.26
  • 184.28.90.27
http://warinice.ac.th/h/d/3dsece.phpGet hashmaliciousUnknownBrowse
  • 52.165.165.26
  • 184.28.90.27
fb0aa01abe9d8e4037eb3473ca6e2dcafile.exeGet hashmaliciousUnknownBrowse
  • 35.244.181.201
  • 34.149.100.209
  • 52.222.236.80
  • 34.120.208.123
file.exeGet hashmaliciousUnknownBrowse
  • 35.244.181.201
  • 34.149.100.209
  • 52.222.236.80
  • 34.120.208.123
file.exeGet hashmaliciousUnknownBrowse
  • 35.244.181.201
  • 34.149.100.209
  • 52.222.236.80
  • 34.120.208.123
file.exeGet hashmaliciousCoinhive, XmrigBrowse
  • 35.244.181.201
  • 34.149.100.209
  • 52.222.236.80
  • 34.120.208.123
file.exeGet hashmaliciousUnknownBrowse
  • 35.244.181.201
  • 34.149.100.209
  • 52.222.236.80
  • 34.120.208.123
file.exeGet hashmaliciousUnknownBrowse
  • 35.244.181.201
  • 34.149.100.209
  • 52.222.236.80
  • 34.120.208.123
file.exeGet hashmaliciousUnknownBrowse
  • 35.244.181.201
  • 34.149.100.209
  • 52.222.236.80
  • 34.120.208.123
file.exeGet hashmaliciousUnknownBrowse
  • 35.244.181.201
  • 34.149.100.209
  • 52.222.236.80
  • 34.120.208.123
file.exeGet hashmaliciousUnknownBrowse
  • 35.244.181.201
  • 34.149.100.209
  • 52.222.236.80
  • 34.120.208.123
file.exeGet hashmaliciousUnknownBrowse
  • 35.244.181.201
  • 34.149.100.209
  • 52.222.236.80
  • 34.120.208.123
MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)file.exeGet hashmaliciousUnknownBrowse
file.exeGet hashmaliciousUnknownBrowse
file.exeGet hashmaliciousUnknownBrowse
file.exeGet hashmaliciousCoinhive, XmrigBrowse
file.exeGet hashmaliciousUnknownBrowse
file.exeGet hashmaliciousUnknownBrowse
file.exeGet hashmaliciousUnknownBrowse
file.exeGet hashmaliciousUnknownBrowse
file.exeGet hashmaliciousUnknownBrowse
file.exeGet hashmaliciousUnknownBrowse
                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):6439
                      Entropy (8bit):5.138046643610704
                      Encrypted:false
                      SSDEEP:192:fjMXCs3cbhbVbTbfbRbObtbyEzn/nSrDtTJdB:fY7cNhnzFSJ5nSrDhJdB
                      MD5:FBAE2E9DE6CED371D7E8AAC4D50B6249
                      SHA1:F641AC6C81BB9CA8BA15241105BBAB6B4D81D5C9
                      SHA-256:6DB58819281EBD851B1204AF96747BDFCE9397D138F8E86888C27CD8159D95BD
                      SHA-512:8C2472844FEAD4A3BB1F021631D393AF9324096E372E787D8A0D4E010D98F065ABA240D21381802047BD263B6CEA57A275765E37F1D9C397DD115EA3BC35392A
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):25052
                      Entropy (8bit):6.031012029124735
                      Encrypted:false
                      SSDEEP:768:uMGQ7FCYXGIgtDAWtJ4V10goO5ZAyqSuGTX4D0:uMGQ5XMBG1+GID0
                      MD5:D391685108A81AA06D83C2C6003FE818
                      SHA1:DCA1438F4CD590F5DB5F071ECE21D8F1C74B9463
                      SHA-256:03E0D9002B226EAEDF65A0E9E34CA7C97C54A9243B58AAA07F00FB67081ECA41
                      SHA-512:E2068B09BA5F238C4C3FD371BB188007A8FB367C0461B1AFEF3D60DBE00D58B2F73847C9FFEE063F076901D3BA0FC4A7553A902AE9A07202B6FCBEEC38CBBDE9
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):22924
                      Entropy (8bit):6.046321547279773
                      Encrypted:false
                      SSDEEP:384:KtMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwhSAlBuGTXVKl21RQ5m:uMGQ7FCYXGIgtDAWtJ4n10gBuGTX4D0
                      MD5:99D866EFEFD8A9689DAF4F2CC6ED7E3E
                      SHA1:62287459C94F94B73BF437D700151EA66E46F016
                      SHA-256:811D66DD5489B6F858F5660E1250E6A98A713A0392D3B6DC641A8BBFB4D25E58
                      SHA-512:DDDF2F4BA2E85DDA62439B852DA86C8E678E49CFD83D265804BB48F8A08C4E4C79AF700F03F9A6B0D0DBC98310B5A0215D01AAE9B87055C7910D52FE13BFA1BF
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):23966
                      Entropy (8bit):6.049433424096705
                      Encrypted:false
                      SSDEEP:384:KtMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwhSAlhGuI2Go8bXVKl21RQ5v:uMGQ7FCYXGIgtDAWtJ4n10ghLI2GdbXa
                      MD5:A63FC8790379DD70206D1CFF65539BD5
                      SHA1:4BE1C8320D6D0A906701BD1841440910D0C61DFB
                      SHA-256:49991E040148C3A09D7B1444B392BDE6AFC50EE2C4008B6BF076D9CD48CF1A1B
                      SHA-512:5B29E010299B2F3CE9C2BE14236A1CEF128D996F5FF2D223A26136D4ED126BA0E996B5B3CE1DB8C9770DD30427276C7BA5AE0438F241860030AF45C7CA402E81
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):8239
                      Entropy (8bit):5.794910060837427
                      Encrypted:false
                      SSDEEP:192:fsNAPJeiRUV0pjdkG16qRAq1k8SPxVLZ7VTiQ:fsNAhh9uG16q3QxVNZTiQ
                      MD5:F64407E881B94D0896BFF815B04E745B
                      SHA1:296C26226F9C74292C00A942FDDFCD362C8907EA
                      SHA-256:EB9346CA4792442D9EF4C6CE9AD3B20F732C3600F2B4C20D351D3D81453AEA66
                      SHA-512:6AB47AEAD1872FA0C7A99CDD9BAB3C2B3184F7EA394CA8F0027CB2647F49B2CE00BB6C1A03D843C35CED8D706FF8AF545FA1DDFC8CF53979A5DE42F18D60D13F
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:modified
                      Size (bytes):23966
                      Entropy (8bit):6.049433424096705
                      Encrypted:false
                      SSDEEP:384:KtMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwhSAlhGuI2Go8bXVKl21RQ5v:uMGQ7FCYXGIgtDAWtJ4n10ghLI2GdbXa
                      MD5:A63FC8790379DD70206D1CFF65539BD5
                      SHA1:4BE1C8320D6D0A906701BD1841440910D0C61DFB
                      SHA-256:49991E040148C3A09D7B1444B392BDE6AFC50EE2C4008B6BF076D9CD48CF1A1B
                      SHA-512:5B29E010299B2F3CE9C2BE14236A1CEF128D996F5FF2D223A26136D4ED126BA0E996B5B3CE1DB8C9770DD30427276C7BA5AE0438F241860030AF45C7CA402E81
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):25103
                      Entropy (8bit):6.030206998259932
                      Encrypted:false
                      SSDEEP:768:uMGQ7FCYXGIgtDAWtJ4Vk0goO5ZAyqSuGTX4D0:uMGQ5XMBGk+GID0
                      MD5:97528D899A92AA1800EFFFFB915A2D09
                      SHA1:C2C844F384B0B8DB7E8B07226249A7913BEE628C
                      SHA-256:586A7F199A156E3B97035463E36CC4DFD83493A3F60652C53B626092868BC736
                      SHA-512:A03513E1E36E80285EFD17D3FE0D974F71E9ED39228F7940349581388DB0A5D419878F7EFD2213133E88DA4BC67D91D82C13878D52BAB6C0718025BE91462FD8
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):8321
                      Entropy (8bit):5.788858972361185
                      Encrypted:false
                      SSDEEP:192:fsNwPJeiRUV9pjdkG16qRAq1k8SPxVLZ7VTiQ:fsNwh69uG16q3QxVNZTiQ
                      MD5:E81C3E7D572B337F75F20AA56706BBCB
                      SHA1:A25EFEA17B042DEC18E802A581200C1905CB993B
                      SHA-256:5028AF7202BD68EA6E9A44B786B1F8D7ABF9853C6B35E97D7399FF0372FAE189
                      SHA-512:29AB9804FA7DAE4ACD9A064515509CF2CE216268982145F1EC5D47B03566CA79E81B1C9E3657C0890A1409D9EF903F3133A3046273C9552A31A49820135BA931
                      Malicious:false
                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"oem_bookmarks_set":true,"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):107893
                      Entropy (8bit):4.640149995732079
                      Encrypted:false
                      SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P75:fwUQC5VwBIiElEd2K57P75
                      MD5:AD9FA3B6C5E14C97CFD9D9A6994CC84A
                      SHA1:EF063B4A4988723E0794662EC9D9831DB6566E83
                      SHA-256:DCC7F776DBDE2DB809D3402FC302DB414CF67FE5D57297DDDADCE1EE42CFCE8F
                      SHA-512:81D9D59657CAF5805D2D190E8533AF48ACEBFFF63409F5A620C4E08F868710301A0C622D7292168048A9BC16C0250669FAAA2DCBF40419740A083C6ED5D79CFA
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):107893
                      Entropy (8bit):4.640149995732079
                      Encrypted:false
                      SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P75:fwUQC5VwBIiElEd2K57P75
                      MD5:AD9FA3B6C5E14C97CFD9D9A6994CC84A
                      SHA1:EF063B4A4988723E0794662EC9D9831DB6566E83
                      SHA-256:DCC7F776DBDE2DB809D3402FC302DB414CF67FE5D57297DDDADCE1EE42CFCE8F
                      SHA-512:81D9D59657CAF5805D2D190E8533AF48ACEBFFF63409F5A620C4E08F868710301A0C622D7292168048A9BC16C0250669FAAA2DCBF40419740A083C6ED5D79CFA
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4194304
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3::
                      MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                      SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                      SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                      SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4194304
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3::
                      MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                      SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                      SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                      SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4194304
                      Entropy (8bit):0.03994120134847092
                      Encrypted:false
                      SSDEEP:192:PD01utmqvDDKX7NJvyqlBqfr3nXgXXmOvXrgThZINEydeRQMtaiDin8y08Tcm2Rl:r0EtoSQlSh+TGYiDi08T2RGOD
                      MD5:1B6BEF06694843DF53EB3DBB14F12C0A
                      SHA1:3B8E3F3092A9ABD9F1A40B5C7B7B956852775246
                      SHA-256:8F16BF1CB439B8A73D35661B1A23A156B2FC801B7DC03BE1DEFCA8AEACAAB96D
                      SHA-512:FB66705490ECA3413CFF9BCB520E81583AD5A08A9C7292E6B840E389DB9241EC21C2784C370EEDCFEDA254B975DD2F7EBFF3C9A8824F49736200532F6C732D07
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4194304
                      Entropy (8bit):0.46960116632291254
                      Encrypted:false
                      SSDEEP:6144:v2j47VMJKUYaHsxrF3P9JqJojDEfuNaH8:XMJKKcdM
                      MD5:EF37C3E51EE6AD0CA88CBE987CAD08E9
                      SHA1:F287EB4B3F8F1EBD5DAC5003E7401692F1AFE4ED
                      SHA-256:FFD01F0756CB4C09BEF1DF0B3BE22B89CE9D4B184EDE9F19C3B7E72676FD5181
                      SHA-512:56D39946982472FE1FEFA6B8BDB3753D6662FBBB39C532562EB7F577557F0E1B07A8D06DEBF25B12A78A933D89AECE2DDBF54AE19FB51EADDD4B754F8A0EC529
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4194304
                      Entropy (8bit):0.04076385147001415
                      Encrypted:false
                      SSDEEP:192://0EbtmqvDtKX7dJEa3XxxTxqZ/g+Xgz970R6Eqh57NgFRc1gQMpon56n8y08Tcp:H0EtKeK8Y/xFhxScglo5608T2RGOD
                      MD5:32C66F30DBD73F499EA8F9FFE69E1BE5
                      SHA1:CBA934C22E09432D48D252B556C3D69F97F16900
                      SHA-256:ABF244D350272CCA94039373C8EC5E71684443418344B8FB78186FBE37F94240
                      SHA-512:CC3F9B4B0EF1AFC58C36E4CCE8C9108398142405E4895B2CA482B07B26073FB029F0AF91620A9E992FEEC51D594810D45EE75A95A526EC28E5E58C9099C1DF98
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4194304
                      Entropy (8bit):0.03990346085998305
                      Encrypted:false
                      SSDEEP:192:T90EbtmqvD3KX7NJEa3Xxx7uqZGXPtg34khhhBNExMO1gQpeKz65man8y08Tcm2D:p0EtEe18xphBbagwhz+J08T2RGOD
                      MD5:2A9C17154683D07DF09F9B45067CEA08
                      SHA1:0364E788C8399B092797CCD5FAE4870AC12357CF
                      SHA-256:87A58E4B6E9282061E27A3F88151FB6A615CFF98D7532283A1C50C1CD934EF7C
                      SHA-512:AB6D87E3513043D4F20B3DC047E6D5528A479C076CBFC7764450D3101661237403E21CC57893ABDCEA73A8D290FA87AD9E2D5DE83A3F9F4E0AA6A8F9FD8875D5
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):16384
                      Entropy (8bit):0.3553968406659012
                      Encrypted:false
                      SSDEEP:12:biUXhV0xosU8xCe+JKlkQuMRxCb8ZXfgYJ0IJpP0KLsyW1L7Fx6:bFRqxosU8xWMk8xVZ4YWI30otWn
                      MD5:CFAB81B800EDABACBF6CB61AA78D5258
                      SHA1:2730D4DA1BE7238D701DC84EB708A064B8D1CF27
                      SHA-256:452A5479B9A2E03612576C30D30E6F51F51274CD30EF576EA1E71D20C657376F
                      SHA-512:EC188B0EE4D3DAABC26799B34EE471BEE988BDD7CEB011ED7DF3D4CF26F98932BBBB4B70DC2B7FD4DF9A3981B3CE22F4B5BE4A0DB97514D526E521575EFB2EC6
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):280
                      Entropy (8bit):3.060980776278344
                      Encrypted:false
                      SSDEEP:3:FiWWltl/9UgBVP/Sh/JzvLi2RRIxINXj1J1:o1//BVsJDG2Yq
                      MD5:74B32A83C9311607EB525C6E23854EE0
                      SHA1:C345A4A3BB52D7CD94EA63B75A424BE7B52CFCD2
                      SHA-256:06509A7E418D9CCE502E897EAEEE8C6E3DCB1D0622B421DD968AF3916A5BFF90
                      SHA-512:ADC193A89F0E476E7326B4EA0472814FE6DD0C16FC010AAF7B4CF78567D5DF6A1574C1CE99A63018AFE7E9AD68918147880621A3C00FAA7AD1014A0056B4B9C4
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:very short file (no magic)
                      Category:dropped
                      Size (bytes):1
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3:L:L
                      MD5:5058F1AF8388633F609CADB75A75DC9D
                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                      Malicious:false
                      Preview:.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):13653
                      Entropy (8bit):5.245318549893027
                      Encrypted:false
                      SSDEEP:192:sVyJ9pQTryZiuaba4uy1JSwnYEzn7YQ3e8fpj+FyjQAD9d1f:sVyLAJu2JSwYEzxpUqQ6B
                      MD5:1D092E8A04A1D7B51E5246BD9D0DEF27
                      SHA1:E3A250825C4CB2CE361C673C224FF479F7E746E3
                      SHA-256:57A809A41CC759B07EC88D8A107320D8EF587F13D6899705DB95523FF190FA68
                      SHA-512:5072947DBEC100D91D22AE313CA7B0A0E269ABAD8618188F8BEB8AEB79B65CCCF2A30F3FAF4CDBA685649D0123DEC75AD20F3278BA767CEE5D972F08A2B7F4E4
                      Malicious:false
                      Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369967873572602","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:very short file (no magic)
                      Category:dropped
                      Size (bytes):1
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3:L:L
                      MD5:5058F1AF8388633F609CADB75A75DC9D
                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                      Malicious:false
                      Preview:.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):39694
                      Entropy (8bit):5.562863335941972
                      Encrypted:false
                      SSDEEP:768:nVrvh47pLGLv42WPUGfdX8F1+UoAYDCx9Tuqh0VfUC9xbog/OVLz/wxVMrwUu1DV:nVrvhkcv42WPUGfdXu1jamz/aVlUujjb
                      MD5:98979D3E798F25533E87EAE3573A4F07
                      SHA1:020CBE1AD4CA3D3791F08EDE989BFAE465387D89
                      SHA-256:554F3F7BE9356391A171AE9ECAC993FD060A8576D2C94FC0D86C8EED6BBC0DA5
                      SHA-512:065C5D21822BB086CE700929C178164D0C84FC779F6B9450678C70A8BF79B234C6F64F827C8CF17D02562F7D28AD8CD3F66A0E177AEFCA3E05E6BAA76CA9D998
                      Malicious:false
                      Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369967872449095","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369967872449095","location":5,"ma
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):12269
                      Entropy (8bit):5.073395749869118
                      Encrypted:false
                      SSDEEP:192:sVyJ9pQTryZigaba4uy1JSwaYQ3m8fpj+FyjQAT9d1f:sVyLA3u2JSwkpUqQiB
                      MD5:68EC8CDB2C22DD8E91F5FBF99B1B586B
                      SHA1:2551E7B152E9EAAAF7F70DD94321C4AD5E8C8EC4
                      SHA-256:910188EDFD4A73AB7D78E6CEAE653CA5FC5CD3AE2983FE69F618610674F9F047
                      SHA-512:D2070E170352F8A0416E79F71E73FB7B8BE520B8E1335F0BDE8E7B1121CA193A879010AB349E67B4721D26E860445A0AD9F81EAF08A7FB80B8E8DBBBC61C0125
                      Malicious:false
                      Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369967873572602","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                      Category:dropped
                      Size (bytes):115717
                      Entropy (8bit):5.183660917461099
                      Encrypted:false
                      SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                      MD5:3D8183370B5E2A9D11D43EBEF474B305
                      SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                      SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                      SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                      Malicious:false
                      Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):13691
                      Entropy (8bit):5.244655874513249
                      Encrypted:false
                      SSDEEP:192:sVyJ9pQTryZiuaba4uy1JSwnYEzn7YQ3e8fpj+FyjQAM9d1f:sVyLAJu2JSwYEzxpUqQtB
                      MD5:5F862C18E54EF130642CADAB0651CD8C
                      SHA1:99AE333B1D2341D9474C1EDCDE2C8D2F9DA31F93
                      SHA-256:DF8F6889D6A01094B74E2AD9A8A0ECA061EFE39F27C98BC7665D2B1E2B4A31D3
                      SHA-512:5CD721A012E252C1EDF506136BC3B7A630A08C15A8F09429C46E4B83A64B4C1350FAA23FDDD099E45079233724256B82CFAED8048051A869B94FDB2B6DFF654F
                      Malicious:false
                      Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369967873572602","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):34635
                      Entropy (8bit):5.560564207521644
                      Encrypted:false
                      SSDEEP:768:nVrv62WPUGfqX8F1+UoAYDCx9Tuqh0VfUC9xbog/OVkwxVMrwUu3DdKp2tuT:nVrv62WPUGfqXu1jabaVlUuxjtQ
                      MD5:655D9DB3299286E455AE7AD66640439B
                      SHA1:D7501C28B31B351AFC75432B57B63995C85C2742
                      SHA-256:5061B5A5C4DAA729B2C1133F35EDC394F31448BD63C51E360559F865C642D931
                      SHA-512:1DD30BB033C2D305521662EAD1269D6BEA3AE1AA40EED9E0AAF26C0011A0978CCFD0980730E9C47D8586DD14C6F886D93A4DD6562E04B181C58F2B338B324017
                      Malicious:false
                      Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369967872449095","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369967872449095","location":5,"ma
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):13581
                      Entropy (8bit):5.246306663407462
                      Encrypted:false
                      SSDEEP:192:sVyJ9pQTryZiuaba4uy1JSwnYEzn7YQ3e8fpj+FyjQAA9d1f:sVyLAJu2JSwYEzxpUqQZB
                      MD5:3B215F4FDBBDC37C179AA92C55255FE0
                      SHA1:5C6F988D6BE874D084AE86AE6B002B763566E5F9
                      SHA-256:572BF6A730682052848B9A020C7645E501AA31C7D77C6958D30B1094DFFF4518
                      SHA-512:161BE18CE9D8AAE9A24907ED0716093BD4F53FED84DA3D5B873B345F30AC342F28F722A636E2A92317951D6251E5D4B3267C55AD503F37F28882D77761D9E263
                      Malicious:false
                      Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369967873572602","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):16
                      Entropy (8bit):3.2743974703476995
                      Encrypted:false
                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                      MD5:46295CAC801E5D4857D09837238A6394
                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                      Malicious:false
                      Preview:MANIFEST-000001.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:modified
                      Size (bytes):1695826
                      Entropy (8bit):5.041139204151831
                      Encrypted:false
                      SSDEEP:24576:yPfQUg6kAdRhiGzmYoAo2ENU0ifYeV3br2M:yPfZ/mS5
                      MD5:102140D844E244BEDBA74E66C2B4D0EB
                      SHA1:617CA912910F451A15BD68BF0BA0DAD77A8FFE5F
                      SHA-256:33D03EB33DE40EB94AAA9B6694DC820A5C50554FA666A88340E321B5BA96394F
                      SHA-512:AD10B45CF7216C42D81806C13EBA66B251BAA12B13187C84328EDADD67AFF1DC1A4C5A544F250D55F20C4B18CDB4EB2A02E3173B2A0629DB39AED7B9369BDD33
                      Malicious:false
                      Preview:...m.................DB_VERSION.1,..=.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13369967879816258.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"2DPW9BV28WrPpgGHdKsEvldNQvD7dA0AAxPa3B/lKN0=","size":11989}]'.+..................QUERY_TIMESTAMP:edge_hub_apps_manifest_gz4.7.*.13369967879816960.$QUERY:edge_hub_apps_manifest_gz4.7.*..[{"name":"edge_hub_apps_manifest_gz","url":"https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline","version":{"major":4,"minor":7,"patch":107},"hash":"Qoxdh2pZS19o99emYo77uFsfzxtXVDB75kV6eln53YE=","size":1682291}]=_.../..............'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.]{.. "configVersion": 32,.. "PrivilegedExperiences": [.. "ShorelinePrivileged
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):16
                      Entropy (8bit):3.2743974703476995
                      Encrypted:false
                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                      MD5:46295CAC801E5D4857D09837238A6394
                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                      Malicious:false
                      Preview:MANIFEST-000001.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):293
                      Entropy (8bit):5.1561475798706
                      Encrypted:false
                      SSDEEP:6:PGL1wkn23oH+Tcwt9Eh1ZB2KLllGJu39+q2Pwkn23oH+Tcwt9Eh1tIFUv:PGqfYeb9Eh1ZFLnGc+vYfYeb9Eh16FUv
                      MD5:4387F2C1B06F99423FD2E7A38954A00A
                      SHA1:DA8A276695A506CFCF193D4D2D2FB090F3568DA3
                      SHA-256:112C23790EC8379332CD7D4A930943CB785C6D6BD57564C082C2C3117900F411
                      SHA-512:AAF5FD721092BA91A37A03938B176A787F8B1B340B4DE42BD5774B335A7F2F60471EAF7F430636A94D2B769DB9DCCA85EB7054B8ACC3B6F6E29CEE1C67E11A7A
                      Malicious:false
                      Preview:2024/09/04-19:57:57.834 227c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db since it was missing..2024/09/04-19:57:58.698 227c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:OpenPGP Secret Key
                      Category:dropped
                      Size (bytes):41
                      Entropy (8bit):4.704993772857998
                      Encrypted:false
                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                      Malicious:false
                      Preview:.|.."....leveldb.BytewiseComparator......
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):12288
                      Entropy (8bit):0.3202460253800455
                      Encrypted:false
                      SSDEEP:6:l9bNFlEuWk8TRH9MRumWEyE4gLueXdNOmWxFxCxmWxYgCxmW5y/mWz4ynLAtD/W4:TLiuWkMORuHEyESeXdwDQ3SOAtD/ie
                      MD5:40B18EC43DB334E7B3F6295C7626F28D
                      SHA1:0E46584B0E0A9703C6B2EC1D246F41E63AF2296F
                      SHA-256:85E961767239E90A361FB6AA0A3FD9DAA57CAAF9E30599BB70124F1954B751C8
                      SHA-512:8BDACDC4A9559E4273AD01407D5D411035EECD927385A51172F401558444AD29B5AD2DC5562D1101244665EBE86BBDDE072E75ECA050B051482005EB6A52CDBD
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):28672
                      Entropy (8bit):0.4653277474266285
                      Encrypted:false
                      SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBNjh0:TouQq3qh7z3bY2LNW9WMcUvBb0
                      MD5:8401DF49C8CC13E23E5C24ACC5F67CF2
                      SHA1:0B61D0A53DA482762DB8EB4C824FDF4E7FDE1570
                      SHA-256:72C8205B9C55843784E5AD1ECBB8E79FEAC41C0DB71B43CCF074BB870596ACD3
                      SHA-512:B2D63EC2C4379800DDBA8974FB2C81FCFC7C779AC9244482672B06191D2CD00066AFC034C996298F15B7F4E5F007149B978866CF4FF2EB1F7DC1EDF8E98A1694
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                      Category:dropped
                      Size (bytes):8192
                      Entropy (8bit):0.01057775872642915
                      Encrypted:false
                      SSDEEP:3:MsFl:/F
                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):270336
                      Entropy (8bit):8.280239615765425E-4
                      Encrypted:false
                      SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                      MD5:D0D388F3865D0523E451D6BA0BE34CC4
                      SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                      SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                      SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):8192
                      Entropy (8bit):0.011852361981932763
                      Encrypted:false
                      SSDEEP:3:MsHlDll:/H
                      MD5:0962291D6D367570BEE5454721C17E11
                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):8192
                      Entropy (8bit):0.012340643231932763
                      Encrypted:false
                      SSDEEP:3:MsGl3ll:/y
                      MD5:41876349CB12D6DB992F1309F22DF3F0
                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                      Category:dropped
                      Size (bytes):262512
                      Entropy (8bit):9.553120663130604E-4
                      Encrypted:false
                      SSDEEP:3:LsNlr:Ls3
                      MD5:42383763E2B99EC8A8CCE1BAA76228B9
                      SHA1:9700D283FB1018A7E4346D86AF815F6A000CBE6E
                      SHA-256:EF524843A17EC02E473ACF905212586AE934CB07CE9D9E5D429CEBB02249AB6A
                      SHA-512:A436D34C3734F5390DC64FF8357A6108FE3927C15C82A782091723DCA1699D7EB32B4CF1F5A4C0790C046C2D0E336C760FC41CA30F9CFF465E544E990F32C51D
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):16
                      Entropy (8bit):3.2743974703476995
                      Encrypted:false
                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                      MD5:46295CAC801E5D4857D09837238A6394
                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                      Malicious:false
                      Preview:MANIFEST-000001.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):33
                      Entropy (8bit):3.5394429593752084
                      Encrypted:false
                      SSDEEP:3:iWstvhYNrkUn:iptAd
                      MD5:F27314DD366903BBC6141EAE524B0FDE
                      SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                      SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                      SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                      Malicious:false
                      Preview:...m.................DB_VERSION.1
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):16
                      Entropy (8bit):3.2743974703476995
                      Encrypted:false
                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                      MD5:46295CAC801E5D4857D09837238A6394
                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                      Malicious:false
                      Preview:MANIFEST-000001.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):305
                      Entropy (8bit):5.245492201089217
                      Encrypted:false
                      SSDEEP:6:PGWSM1wkn23oH+TcwtnG2tbB2KLllGUuOq2Pwkn23oH+TcwtnG2tMsIFUv:PGWSrfYebn9VFLnGUNvYfYebn9GFUv
                      MD5:180422E3EED6E7A9137B67C1E33FC1D3
                      SHA1:4AE16F9240931D1A0521BF10D0450A8095470590
                      SHA-256:964716BDE346B040A46A46582E294CAD690E42EC93F268071AC7072716C9596F
                      SHA-512:220B155CB2C04D331A8D5773F60A1138B4E5AC5BC5804162F0448A9919C9FF87CBDFD42593B2DD460CD25F0B92956928A1F9EED263B4D2DB01962CCF9DB2F5B7
                      Malicious:false
                      Preview:2024/09/04-19:57:53.236 1c34 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db since it was missing..2024/09/04-19:57:53.246 1c34 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:OpenPGP Secret Key
                      Category:dropped
                      Size (bytes):41
                      Entropy (8bit):4.704993772857998
                      Encrypted:false
                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                      Malicious:false
                      Preview:.|.."....leveldb.BytewiseComparator......
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 14, database pages 8, cookie 0xe, schema 4, UTF-8, version-valid-for 14
                      Category:dropped
                      Size (bytes):32768
                      Entropy (8bit):0.494709561094235
                      Encrypted:false
                      SSDEEP:24:TLEC30OIcqIn2o0FUFlA2cs0US5S693Xlej2:ThLaJUnAg0UB6I
                      MD5:CF7760533536E2AF66EA68BC3561B74D
                      SHA1:E991DE2EA8F42AE7E0A96A3B3B8AF87A689C8CCD
                      SHA-256:E1F183FAE5652BA52F5363A7E28BF62B53E7781314C9AB76B5708AF9918BE066
                      SHA-512:38B15FE7503F6DFF9D39BC74AA0150A7FF038029F973BE9A37456CDE6807BCBDEAB06E624331C8DFDABE95A5973B0EE26A391DB2587E614A37ADD50046470162
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                      Category:dropped
                      Size (bytes):20480
                      Entropy (8bit):0.6130413433788416
                      Encrypted:false
                      SSDEEP:12:TLW4QpRSJDBJuqJSEDNvrWjJQ9Dl9np59yDLgHFUxOUDaaTXubHa7mWo4MAq2YiJ:TLqpR+DDNzWjJ0npnyXKUO8+jKpkmL
                      MD5:80AD19D41372DCCA507BCB895AACA9A1
                      SHA1:B417543AD943CFEC608A49639278EB11C871548E
                      SHA-256:3122B16E7CFFCC1918A365138DBBE67C9C3B94FAED2D1F818A0F3DCAA665E633
                      SHA-512:E9E6617BB28180039A5885A15750EA915912BB1456EE5B4F0C367A4B08AB610390677985656E493F8C142D6DA4DBE64009F079352DFDFD6D3BB767BB21410C79
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):16
                      Entropy (8bit):3.2743974703476995
                      Encrypted:false
                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                      MD5:46295CAC801E5D4857D09837238A6394
                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                      Malicious:false
                      Preview:MANIFEST-000001.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):375520
                      Entropy (8bit):5.354138152734975
                      Encrypted:false
                      SSDEEP:6144:JA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:JFdMyq49tEndBuHltBfdK5WNbsVEziPU
                      MD5:C25A277658853D5E25107D9647207015
                      SHA1:D7A8B213D7DA1674A7FF5229C0A03ECAFEB313AD
                      SHA-256:826F45D40808089FBB17D0A1AB39C1F27CC5F269411B6EDFFE19B0B6B6ADD77C
                      SHA-512:A6713421666EF362C7B125B3935B8CAED657388EA157D02EDEEEA4C9E542E4E3F00C56BE0708B70DDA96F280F1CEDE2178915BC2A19032471F7F3F2AC0C395AE
                      Malicious:false
                      Preview:...m.................DB_VERSION.1...|q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13369967878563278..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):16
                      Entropy (8bit):3.2743974703476995
                      Encrypted:false
                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                      MD5:46295CAC801E5D4857D09837238A6394
                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                      Malicious:false
                      Preview:MANIFEST-000001.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):309
                      Entropy (8bit):5.238724898744692
                      Encrypted:false
                      SSDEEP:6:PG3GcHD1wkn23oH+Tcwtk2WwnvB2KLllG3WsjL+q2Pwkn23oH+Tcwtk2WwnvIFUv:PG3GTfYebkxwnvFLnG3WsOvYfYebkxwp
                      MD5:CE3D61F6BD7966B69DE99A23948F44D8
                      SHA1:06BD8685271AA526EC75D13B7238AABBCE8D1B03
                      SHA-256:A93E71E8533087FB4BA270EF5E0F232BB8C7FF2CD1D59952A816B0A7FF4C9124
                      SHA-512:8E12A786357004DCE5BB7126A58B496EFCCEB1BFD639CD5D68C0FA9F0E43ACBFA9EFC773938CDA8E5B92CE5DAC135B5A031C873628870AE612A5E7929F3A7F67
                      Malicious:false
                      Preview:2024/09/04-19:57:57.852 2398 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/09/04-19:57:57.896 2398 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:OpenPGP Secret Key
                      Category:dropped
                      Size (bytes):41
                      Entropy (8bit):4.704993772857998
                      Encrypted:false
                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                      Malicious:false
                      Preview:.|.."....leveldb.BytewiseComparator......
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:modified
                      Size (bytes):358860
                      Entropy (8bit):5.3246153110346635
                      Encrypted:false
                      SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6RI:C1gAg1zfvQ
                      MD5:2EF3A345F054AA4C382535BB59BAFAB8
                      SHA1:2178FA82C1164FAD7D0D36EF00618059AB2565FA
                      SHA-256:0DD00B5C77EDF25B0BFA8CC20A10DA7A19EDE3EB8C1690C857D7A8A5DC016E93
                      SHA-512:16BFFB3A785867B843938F065B9B848D22FE575EE233BBCA5DC9702553358C1B930D327485B48B76D7B2847C7AE6436D107E83CBA5EDFB7C1B25BC5E5E197212
                      Malicious:false
                      Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):16
                      Entropy (8bit):3.2743974703476995
                      Encrypted:false
                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                      MD5:46295CAC801E5D4857D09837238A6394
                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                      Malicious:false
                      Preview:MANIFEST-000001.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):209
                      Entropy (8bit):1.8784775129881184
                      Encrypted:false
                      SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                      MD5:478D49D9CCB25AC14589F834EA70FB9E
                      SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                      SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                      SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):16
                      Entropy (8bit):3.2743974703476995
                      Encrypted:false
                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                      MD5:46295CAC801E5D4857D09837238A6394
                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                      Malicious:false
                      Preview:MANIFEST-000001.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):281
                      Entropy (8bit):5.188128233492837
                      Encrypted:false
                      SSDEEP:6:PGr81wkn23oH+Tcwt8aVdg2KLllGn+Aq2Pwkn23oH+Tcwt8aPrqIFUv:PG3fYeb0LnG+AvYfYebL3FUv
                      MD5:7F752BD61B9CD2F2D788473F201102C7
                      SHA1:5F0FB000C9543BEC1D9B71EB626294D2ADBDBAA0
                      SHA-256:0A81DF339B173A9D1406876727A69CCC83AAD174EE41BDD4CC62755DB0A7CA5E
                      SHA-512:03305805668A9ABEE59AE2A652045DEA7D3D1D8895415C74076883F1A4E8FBBD0E21DC7F4CAB19274942CEB85F306F701234280AEA9D93AE5790CF27D1CAD358
                      Malicious:false
                      Preview:2024/09/04-19:57:53.234 1c30 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules since it was missing..2024/09/04-19:57:53.272 1c30 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:OpenPGP Secret Key
                      Category:dropped
                      Size (bytes):41
                      Entropy (8bit):4.704993772857998
                      Encrypted:false
                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                      Malicious:false
                      Preview:.|.."....leveldb.BytewiseComparator......
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):16
                      Entropy (8bit):3.2743974703476995
                      Encrypted:false
                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                      MD5:46295CAC801E5D4857D09837238A6394
                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                      Malicious:false
                      Preview:MANIFEST-000001.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):209
                      Entropy (8bit):1.8784775129881184
                      Encrypted:false
                      SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                      MD5:478D49D9CCB25AC14589F834EA70FB9E
                      SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                      SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                      SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):16
                      Entropy (8bit):3.2743974703476995
                      Encrypted:false
                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                      MD5:46295CAC801E5D4857D09837238A6394
                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                      Malicious:false
                      Preview:MANIFEST-000001.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):285
                      Entropy (8bit):5.192153601494646
                      Encrypted:false
                      SSDEEP:6:PGcFU481wkn23oH+Tcwt86FB2KLllGaOq2Pwkn23oH+Tcwt865IFUv:PGcFRfYeb/FFLnGaOvYfYeb/WFUv
                      MD5:6B22145B2BA7F39C182C87977F02D3BC
                      SHA1:97386FC46901750A8C6759499415C458A3DC449D
                      SHA-256:8064FA4B1F702836CC3DFC8A0C62E7EBC7CDE28B0A6FD536FD2002225FF22087
                      SHA-512:E4F3432FBD878D2B33BDE6812A4C3EA1D4E47AEECC156B63140E8842E7010B007243FF7E212E4383511BF2720E9F9DB11927308FFA590B03AAE329711C0B6E65
                      Malicious:false
                      Preview:2024/09/04-19:57:53.282 1c30 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts since it was missing..2024/09/04-19:57:53.485 1c30 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:OpenPGP Secret Key
                      Category:dropped
                      Size (bytes):41
                      Entropy (8bit):4.704993772857998
                      Encrypted:false
                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                      Malicious:false
                      Preview:.|.."....leveldb.BytewiseComparator......
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):1197
                      Entropy (8bit):1.8784775129881184
                      Encrypted:false
                      SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
                      MD5:A2A3B1383E3AAC2430F44FC7BF3E447E
                      SHA1:B807210A1205126A107A5FE25F070D2879407AA4
                      SHA-256:90685D4E050DA5B6E6F7A42A1EE21264A68F1734FD3BD4A0E044BB53791020A2
                      SHA-512:396FAB9625A2FF396222DBC86A0E2CDE724C83F3130EE099F2872AED2F2F2ECE13B0853D635F589B70BD1B5E586C05A3231D68CAF9E46B6E2DAC105A10D0A1C8
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):322
                      Entropy (8bit):5.2282264909732765
                      Encrypted:false
                      SSDEEP:6:PGwCDM+q2Pwkn23oH+Tcwt8NIFUt82GwCgZmw+2GeDMVkwOwkn23oH+Tcwt8+eLJ:PGwH+vYfYebpFUt82Gwn/+2GDV5JfYey
                      MD5:0E4931C92CD7F2A6864CC70EE8836ED3
                      SHA1:F5ACDF30C336FD52BADDC229B3FEA0513021E952
                      SHA-256:F205428B0D01F407F452EA1545E28953A4010A6CABD384EDF7CFCF19586CF5B6
                      SHA-512:661CA8B98388D19269B654D9053FA7BBECFF65847FE61DE36040327408EB3DFB3A3FCD4ADA12E744B85D08740878A6DEC736D091F5D60B0E50550C04B561EE1C
                      Malicious:false
                      Preview:2024/09/04-19:57:53.646 1c1c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/09/04-19:57:53.646 1c1c Recovering log #3.2024/09/04-19:57:53.647 1c1c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):322
                      Entropy (8bit):5.2282264909732765
                      Encrypted:false
                      SSDEEP:6:PGwCDM+q2Pwkn23oH+Tcwt8NIFUt82GwCgZmw+2GeDMVkwOwkn23oH+Tcwt8+eLJ:PGwH+vYfYebpFUt82Gwn/+2GDV5JfYey
                      MD5:0E4931C92CD7F2A6864CC70EE8836ED3
                      SHA1:F5ACDF30C336FD52BADDC229B3FEA0513021E952
                      SHA-256:F205428B0D01F407F452EA1545E28953A4010A6CABD384EDF7CFCF19586CF5B6
                      SHA-512:661CA8B98388D19269B654D9053FA7BBECFF65847FE61DE36040327408EB3DFB3A3FCD4ADA12E744B85D08740878A6DEC736D091F5D60B0E50550C04B561EE1C
                      Malicious:false
                      Preview:2024/09/04-19:57:53.646 1c1c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/09/04-19:57:53.646 1c1c Recovering log #3.2024/09/04-19:57:53.647 1c1c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 1, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):4096
                      Entropy (8bit):0.3169096321222068
                      Encrypted:false
                      SSDEEP:3:lSWbNFl/sl+ltl4ltllOl83/XWEEabIDWzdWuAzTgdWj3FtFIU:l9bNFlEs1ok8fDEPDadUTgd81Z
                      MD5:2554AD7847B0D04963FDAE908DB81074
                      SHA1:F84ABD8D05D7B0DFB693485614ECF5204989B74A
                      SHA-256:F6EF01E679B9096A7D8A0BD8151422543B51E65142119A9F3271F25F966E6C42
                      SHA-512:13009172518387D77A67BBF86719527077BE9534D90CB06E7F34E1CCE7C40B49A185D892EE859A8BAFB69D5EBB6D667831A0FAFBA28AC1F44570C8B68F8C90A4
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 8, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                      Category:dropped
                      Size (bytes):32768
                      Entropy (8bit):0.40981274649195937
                      Encrypted:false
                      SSDEEP:24:TL1WK3iOvwxwwweePKmJIOAdQBVA/kjo/TJZwJ9OV3WOT/5eQQ:Tmm+/9ZW943WOT/
                      MD5:1A7F642FD4F71A656BE75B26B2D9ED79
                      SHA1:51BBF587FB0CCC2D726DDB95C96757CC2854CFAD
                      SHA-256:B96B6DDC10C29496069E16089DB0AB6911D7C13B82791868D583897C6D317977
                      SHA-512:FD14EADCF5F7AB271BE6D8EF682977D1A0B5199A142E4AB353614F2F96AE9B49A6F35A19CC237489F297141994A4A16B580F88FAC44486FCB22C05B2F1C3F7D1
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):429
                      Entropy (8bit):5.809210454117189
                      Encrypted:false
                      SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                      MD5:5D1D9020CCEFD76CA661902E0C229087
                      SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                      SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                      SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                      Malicious:false
                      Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                      Category:dropped
                      Size (bytes):20480
                      Entropy (8bit):2.448591569493359
                      Encrypted:false
                      SSDEEP:96:0BCyvknicZTelS9nsH4/AztcnuuoKwxn3H:mNvknicZbsHXzCnPo1xn3H
                      MD5:A889C3BE830925021493C72CB708486C
                      SHA1:B6DF183864A87E7245EB33535D65D26F559909CD
                      SHA-256:06F1D3E7C15CA2A05AAE20E454DF08BB6CCEE87203ABAED717A93A0B6A8EEA22
                      SHA-512:6112D3D198633656719FD8CAA13B6C20AE6AA598172941A005DEF2046AB0F390413594A7337DB1F318923A11EBFAC650EC88A570453CD2DA68D3863B86071A29
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, 1st free page 10, free pages 4, cookie 0x45, schema 4, UTF-8, version-valid-for 4
                      Category:dropped
                      Size (bytes):159744
                      Entropy (8bit):0.6471941501919152
                      Encrypted:false
                      SSDEEP:96:Rnslb5pHU+bGzPDLjGQLBE3up+U0jBo4tgi3JMe9xJDECVjNChnK:RnslbY+GPXBBE3upb0HtTTDxVjknK
                      MD5:8CAE1213FF6B1E682874E1A2628FE713
                      SHA1:CD2CBF0357B009BBF3AA4CC6C60D633029BF9053
                      SHA-256:A666C6B691A06F1BB7D5539736B1AE5E1A65E89D9AB562B567121DD2AEFD083C
                      SHA-512:DCC201DD2B5FD6313CB6E6F7F8BA2090E30EB9FA915FB195969CBEC3DE707E35CED62C09A77287EDD067D4D56E8BEE4800CD8B4C80E97BFD9E7225DCBA9257C2
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):8720
                      Entropy (8bit):0.32872990409968056
                      Encrypted:false
                      SSDEEP:6:zA/J3+t76Y4QZZofU99pO0BYAqR4EZY4QZvGG:chHQws9LdGBQZGG
                      MD5:67C2D7C851E4E9931E9ED6F68044C76E
                      SHA1:AF6F33706FFBFA06D4AEC1169ABE0DE837CEFF82
                      SHA-256:F631CE669543ECE278225F367C88D22BAFC5C8247B452D2E404DB43A85C2E3D6
                      SHA-512:1B8B68E42C938B828DE83DE37F434E3937111BDE330CB4A1068CD24F4BF937181ACB3106ECD0CC7E0E471DE1F2F33E51D378D46FE24122506A26964F50946037
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                      Category:dropped
                      Size (bytes):115717
                      Entropy (8bit):5.183660917461099
                      Encrypted:false
                      SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                      MD5:3D8183370B5E2A9D11D43EBEF474B305
                      SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                      SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                      SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                      Malicious:false
                      Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                      Category:dropped
                      Size (bytes):45056
                      Entropy (8bit):3.5489333276543484
                      Encrypted:false
                      SSDEEP:384:zj9P0FFcSQkQerR773pLQP/Kbt6hkCgam6IWRKToaAu:zdiqSe2R7KP/F+FmRKcC
                      MD5:EAAE616CDEE5421C39E54F7C586C75A2
                      SHA1:67C4C181D938DA92B92F04653C695C17302A5DAE
                      SHA-256:744A583C900F9ED94D08849D056C27B2E61EC6140CC58CAD3EA1445A15B65170
                      SHA-512:ABD7572B3BC83E502038CA99571350915CD1A4712C0CC0696E936F8A3745723F9D5BDEA54A9B11FF344C4A887081F270266A16551B8F91CB08033F54F36A7056
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):406
                      Entropy (8bit):5.301677555335585
                      Encrypted:false
                      SSDEEP:12:PG7+vYfYeb8rcHEZrELFUt82Gr/+2Ga3V5JfYeb8rcHEZrEZSJ:fYfYeb8nZrExg8RXJfYeb8nZrEZe
                      MD5:A41B713DAA236B27F01258141D6CDB68
                      SHA1:C65A0E652CB2E81D46F2EB58137B9BBAA0E2652B
                      SHA-256:3A489F4B4D87DA06415D638136BFACEB349BA67780897B434B47D235EED01E19
                      SHA-512:C56C1F93A27FA1E877089077AABBDC1867EC91F7CBF22E6B785227CC365ECB22231869A5584A448729F3331930F1565C2A56C31C814F227DC575C747CECB7A72
                      Malicious:false
                      Preview:2024/09/04-19:57:54.877 1c1c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/09/04-19:57:54.877 1c1c Recovering log #3.2024/09/04-19:57:54.878 1c1c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):334
                      Entropy (8bit):5.171735662809666
                      Encrypted:false
                      SSDEEP:6:PGt4Q+q2Pwkn23oH+Tcwt8a2jMGIFUt82GtTuZgZmw+2GtR9SQVkwOwkn23oH+Tg:PGuQ+vYfYeb8EFUt82GBwg/+2GkQV5Jg
                      MD5:AE77FA07D20E3425E4814DDD90F199A3
                      SHA1:8C7D3CCBAAE370C5EEA0C9D0000EE21D76460EEE
                      SHA-256:AC0DFADECE248C1D18CD812B43F58335E342F485168C8A4DF2F03042A5737EE1
                      SHA-512:0FE1EEDC39FDBCC731FFF7A4B35EF6F3EFE39FEF2E3EE67E982214CC4C7FBEF53C1F2AD7910920FB0E5920489D031F7B565A3D453EB9C8F730BCCC0FEC7E1C43
                      Malicious:false
                      Preview:2024/09/04-19:57:54.419 1e7c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/09/04-19:57:54.420 1e7c Recovering log #3.2024/09/04-19:57:54.422 1e7c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 28, cookie 0x1d, schema 4, UTF-8, version-valid-for 2
                      Category:dropped
                      Size (bytes):57344
                      Entropy (8bit):0.863060653641558
                      Encrypted:false
                      SSDEEP:96:u7/KLPeymOT7ynlm+yKwt7izhGnvgbn8MouB6wznP:u74CnlmVizhGE7IwD
                      MD5:C681C90B3AAD7F7E4AF8664DE16971DF
                      SHA1:9F72588CEA6569261291B19E06043A1EFC3653BC
                      SHA-256:ADB987BF641B2531991B8DE5B10244C3FE1ACFA7AD7A61A65D2E2D8E7AB34C1D
                      SHA-512:4696BF334961E4C9757BAC40C41B4FBE3E0B9F821BD242CE6967B347053787BE54D1270D7166745126AFA42E8193AC2E695B0D8F11DE8F0B2876628B7C128942
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):45056
                      Entropy (8bit):0.40293591932113104
                      Encrypted:false
                      SSDEEP:24:TLVgTjDk5Yk8k+/kCkzD3zzbLGfIzLihje90xq/WMFFfeFzfXVVlYWOT/CUFSe:Tmo9n+8dv/qALihje9kqL42WOT/9F
                      MD5:ADC0CFB8A1A20DE2C4AB738B413CBEA4
                      SHA1:238EF489E5FDC6EBB36F09D415FB353350E7097B
                      SHA-256:7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
                      SHA-512:38C8B7293B8F7BEF03299BAFB981EEEE309945B1BDE26ACDAD6FDD63247C21CA04D493A1DDAFC3B9A1904EFED998E9C7C0C8E98506FD4AC0AB252DFF34566B66
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2060
                      Entropy (8bit):5.271001796349472
                      Encrypted:false
                      SSDEEP:48:YXs98sqVVfcdsAgsyrsognsm+HOsM1Ysh+HeCbZ:1yVEKRC4GB431
                      MD5:BE47A9831863092FAADAFB87AC408270
                      SHA1:23DC43502873306D13525A8304B2A4C6A58E83FC
                      SHA-256:86391713D674F25C2445B540C25F71536F835B2C7A13F0A03FFF591E340D76C4
                      SHA-512:6E54C4A40AAA65386687A1BD5413389B647A22ABB79AF89460C3C68A4743323145E4B8E7781D5AF0CF09C9C42E2609336D0180DCCD86999B8EB5AEFCE96A2479
                      Malicious:false
                      Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372559876218547","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372559877384440","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372559878535395","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://fonts.gstatic.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372559882986639","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://www.google.com"},{"alternative_service":[{"adver
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):40
                      Entropy (8bit):4.1275671571169275
                      Encrypted:false
                      SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                      MD5:20D4B8FA017A12A108C87F540836E250
                      SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                      SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                      SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                      Malicious:false
                      Preview:{"SDCH":{"dictionaries":{},"version":2}}
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2
                      Entropy (8bit):1.0
                      Encrypted:false
                      SSDEEP:3:H:H
                      MD5:D751713988987E9331980363E24189CE
                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                      Malicious:false
                      Preview:[]
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):354
                      Entropy (8bit):5.475921367813066
                      Encrypted:false
                      SSDEEP:6:YWyWN1iL50xHA9vh8wXwlmUUAnIMp5sXQcnAGBv31dB8wXwlmUUAnIMp5bz940SQ:YWyX5Sg9vt+UAnIQcAGR7N+UAnIg0Q
                      MD5:624F65FC89C3DFFE5DF016FFFE0527DD
                      SHA1:A6CAFF759952A1DDDA3CA4FEFFDC331D8E66AC29
                      SHA-256:53D9B85E9B39BC4CB26A5484799A22BC9E0A3323CF8CA2FB2731805A18341F58
                      SHA-512:59BD67E3EBB3D3CD76687926E46DA5B9031225DC58698C38E2A514AC262DD57020ADA60C8504CCA392888920A7CECA1C25B4DECFC56CB0990B6B9381BB5B002C
                      Malicious:false
                      Preview:{"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702},{"expiry":1757030344.005385,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725494344.00539}],"version":2}
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2
                      Entropy (8bit):1.0
                      Encrypted:false
                      SSDEEP:3:H:H
                      MD5:D751713988987E9331980363E24189CE
                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                      Malicious:false
                      Preview:[]
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 9
                      Category:dropped
                      Size (bytes):20480
                      Entropy (8bit):1.0919074569803042
                      Encrypted:false
                      SSDEEP:48:T2dKLopF+SawLUO1Xj8B1c54/P9UPQ/LNptOFyPr:ige+AuhemLXr
                      MD5:1FB4BBC7127F5E6C45754740C3125767
                      SHA1:8E2F6185123917BDF8B828B5A3FC6B64BAC47765
                      SHA-256:E5AD3D3C1EB2880335E059B500796732010AD34E087FD98F058833CA2827600E
                      SHA-512:9138D03466955094B405DA05C2E519F9184F3E2C0FB6894D027C623C5CDFD014F36E9055AD2438F612CA415C7A0FCD5E1FDEAF152102A8176A3D6EA3ADD55076
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):61
                      Entropy (8bit):3.926136109079379
                      Encrypted:false
                      SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                      MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                      SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                      SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                      SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                      Malicious:false
                      Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                      Category:dropped
                      Size (bytes):36864
                      Entropy (8bit):1.3302476645271506
                      Encrypted:false
                      SSDEEP:96:uIEumQv8m1ccnvS66Do2dQF2YQ9UZh1CRVkI:uIEumQv8m1ccnvS6z282rUZh4d
                      MD5:083E74D4AA61F115A404C8A2DF55E33A
                      SHA1:9CFCBD2C1EB4DC1AC6E9AB976059E4563F141EEF
                      SHA-256:1A5DC9C28AFCE7459BB5AF97420BDC7680A932CAABADF16660F3F2EC7AAA35C2
                      SHA-512:5BBD97484031C5DF9D65B624A8A0EBF6DAAE690314613789A9097D501777BEAEBBD47F397AC60089E34A0397EA02D2F450D541807B26F9CC52D3BD1531E27A38
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2
                      Entropy (8bit):1.0
                      Encrypted:false
                      SSDEEP:3:H:H
                      MD5:D751713988987E9331980363E24189CE
                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                      Malicious:false
                      Preview:[]
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):40
                      Entropy (8bit):4.1275671571169275
                      Encrypted:false
                      SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                      MD5:20D4B8FA017A12A108C87F540836E250
                      SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                      SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                      SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                      Malicious:false
                      Preview:{"SDCH":{"dictionaries":{},"version":2}}
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):203
                      Entropy (8bit):5.4042796420747425
                      Encrypted:false
                      SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                      MD5:24D66E5F1B8C76C76511DA68057CDE5E
                      SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                      SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                      SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                      Malicious:false
                      Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):36864
                      Entropy (8bit):0.36515621748816035
                      Encrypted:false
                      SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                      MD5:25363ADC3C9D98BAD1A33D0792405CBF
                      SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                      SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                      SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):355
                      Entropy (8bit):5.464012792332018
                      Encrypted:false
                      SSDEEP:6:YWyWN1iL50xHA9vh8wXwlmUUAnIMp5sXQcnuBv31dB8wXwlmUUAnIMp5aEKSQ:YWyX5Sg9vt+UAnIQcuR7N+UAnI2Q
                      MD5:7A4EE9B7CF886AC7A399721F3FCA4C6A
                      SHA1:73EEC749A9297E815CEC0A992E0AF8FC102032ED
                      SHA-256:B0773E7D26015E2F8F721A51E0FEE8D87C5921DC820FF41033F0D01AA252BF59
                      SHA-512:24B2504AF9A12A790753A0A6E86E5790C7DE9521BB9F2EFA9455DFF84C73803BB51F5E54DA6A3BFA442E89628BE0AA794251F85D207008A134A002077574BFA6
                      Malicious:false
                      Preview:{"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702},{"expiry":1757030284.029022,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725494284.029026}],"version":2}
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):111
                      Entropy (8bit):4.718418993774295
                      Encrypted:false
                      SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                      MD5:285252A2F6327D41EAB203DC2F402C67
                      SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                      SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                      SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                      Malicious:false
                      Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2
                      Entropy (8bit):1.0
                      Encrypted:false
                      SSDEEP:3:H:H
                      MD5:D751713988987E9331980363E24189CE
                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                      Malicious:false
                      Preview:[]
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                      Category:dropped
                      Size (bytes):20480
                      Entropy (8bit):0.5744102022039023
                      Encrypted:false
                      SSDEEP:12:TL1QAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isCHIrdNG7fdjxHIXOFSY:TLiOUOq0afDdWec9sJKG7zo7J5fc
                      MD5:8B7CCBAE5FB8F1D3FDB331AED0833FB0
                      SHA1:7924CE8D7CF818F1132F1C8A047FBEEF13F18877
                      SHA-256:8029C4EAA75734867C5970AB41422A7F551EBFDF65E152C09F8A4038B17080C8
                      SHA-512:23B07F98E037ECC9BAAB37EA93264503B936CA180F4873D19944D186F3529926CBDC7A0962E7A51EADC8CEB2CA85D94BFC3C431D0068B8320C45BF24C0DDB163
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):12269
                      Entropy (8bit):5.073395749869118
                      Encrypted:false
                      SSDEEP:192:sVyJ9pQTryZigaba4uy1JSwaYQ3m8fpj+FyjQAT9d1f:sVyLA3u2JSwkpUqQiB
                      MD5:68EC8CDB2C22DD8E91F5FBF99B1B586B
                      SHA1:2551E7B152E9EAAAF7F70DD94321C4AD5E8C8EC4
                      SHA-256:910188EDFD4A73AB7D78E6CEAE653CA5FC5CD3AE2983FE69F618610674F9F047
                      SHA-512:D2070E170352F8A0416E79F71E73FB7B8BE520B8E1335F0BDE8E7B1121CA193A879010AB349E67B4721D26E860445A0AD9F81EAF08A7FB80B8E8DBBBC61C0125
                      Malicious:false
                      Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369967873572602","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):33
                      Entropy (8bit):4.051821770808046
                      Encrypted:false
                      SSDEEP:3:YVXADAEvTLSJ:Y9AcEvHSJ
                      MD5:2B432FEF211C69C745ACA86DE4F8E4AB
                      SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
                      SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
                      SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
                      Malicious:false
                      Preview:{"preferred_apps":[],"version":1}
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):34635
                      Entropy (8bit):5.560564207521644
                      Encrypted:false
                      SSDEEP:768:nVrv62WPUGfqX8F1+UoAYDCx9Tuqh0VfUC9xbog/OVkwxVMrwUu3DdKp2tuT:nVrv62WPUGfqXu1jabaVlUuxjtQ
                      MD5:655D9DB3299286E455AE7AD66640439B
                      SHA1:D7501C28B31B351AFC75432B57B63995C85C2742
                      SHA-256:5061B5A5C4DAA729B2C1133F35EDC394F31448BD63C51E360559F865C642D931
                      SHA-512:1DD30BB033C2D305521662EAD1269D6BEA3AE1AA40EED9E0AAF26C0011A0978CCFD0980730E9C47D8586DD14C6F886D93A4DD6562E04B181C58F2B338B324017
                      Malicious:false
                      Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369967872449095","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369967872449095","location":5,"ma
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):364
                      Entropy (8bit):4.035313768194622
                      Encrypted:false
                      SSDEEP:6:S85aEFljljljljljljlLlaD6RT36Hpw+CA5EEE:S+a8ljljljljljljlLUqqy+CA
                      MD5:E1B71758F862E92AE0D4154624D808E0
                      SHA1:BFEEC8041FD0AAB5D89405EC62B543FCD47B8B3D
                      SHA-256:26B161B37EA256249EA01F29EC2F1F10CD8E0C107BB1212055EB51B026B2F909
                      SHA-512:2F85E49F2AE98EC999E541CE7E0B24B66F6266885286CFAD91705ED930258E4B3966667D2F1D42A47C16D023A37A9662A2BAB54E385EF2853B66550C1F79A2A5
                      Malicious:false
                      Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f.................j................next-map-id.1.Knamespace-4de5d5a7_9acd_4106_be80_ff9f10b31f95-https://accounts.google.com/.0V.e................V.e................V.e................V.e................
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):322
                      Entropy (8bit):5.152781612913537
                      Encrypted:false
                      SSDEEP:6:PGtlQ+q2Pwkn23oH+TcwtrQMxIFUt82Gt9wgZmw+2Gt/wQVkwOwkn23oH+Tcwtrb:PGHQ+vYfYebCFUt82GIg/+2G9wQV5Jfn
                      MD5:269EC452C7BF37DFE8BA71DC66508925
                      SHA1:534220601ABB650DA23CF055D0A04BB4C2C3ECB3
                      SHA-256:D2EE9239EF1F5E4844F10985E47D8F8BA3BDF69D371C016817E1777D62B01C8C
                      SHA-512:7DDABBFC0A6FEA3383E00A0C6D9F29A78001102A33B1251B9DCB55C6DAFCBB2078DBE426A8B28234753A5C88E2E9F5565541B938C8114FD9D2CFF408BEEC0149
                      Malicious:false
                      Preview:2024/09/04-19:57:54.403 1e7c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/09/04-19:57:54.404 1e7c Recovering log #3.2024/09/04-19:57:54.406 1e7c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):7469
                      Entropy (8bit):4.027896364790212
                      Encrypted:false
                      SSDEEP:192:3dQVnX3P1oWGTnh3P1oWLnoeT2z3P1oWuP:N8v1oWGrp1oWzFq1oWu
                      MD5:CFFCAD785BB08673F1808E138BB2678E
                      SHA1:F1D75064ABF1956FC978E65951206371751250E2
                      SHA-256:15F1A8C2C72FDB36E1368F94A60B6E045C755EACEE4C966E41F77A8CAFF79122
                      SHA-512:C6095FD1D18B527A99BB576F5900F13B895370220E4C925E3FCD5F9F543D73124E5EB3C121F52007AD63CEDAE3D1FB3D46625919F57187CD36AD5C822DD88C00
                      Malicious:false
                      Preview:SNSS..........6..............6......"...6..............6..........6..........6..........6....!.....6..................................6...61..,......6$...4de5d5a7_9acd_4106_be80_ff9f10b31f95......6..........6....Is............6......6..........................6....................5..0......6&...{1A5CCF63-1000-409F-B5C1-AFEC7F75D4D9}........6..........6.............................6..............6....>...https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd&ifkv=Ab5oB3qFJHtO6By3kgB6SwFIkID0Jj4Q29j1nmWMDaRcVx0zGuW02xYY4rtJAHNP8VvDqj-_YyA3eA&service=accountsettings&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-284472860%3A1725494277444209&ddm=0......S.i.g.n. .i.n. .-. .G.o.o.g.l.e. .A.c.c.o.u.n.t.s...L...H...!...@....................................................................................................6v.S!...6v.S!..................................P...................................................>...h
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):20480
                      Entropy (8bit):0.44194574462308833
                      Encrypted:false
                      SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                      MD5:B35F740AA7FFEA282E525838EABFE0A6
                      SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                      SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                      SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):350
                      Entropy (8bit):5.176867303423901
                      Encrypted:false
                      SSDEEP:6:PGVrIq2Pwkn23oH+Tcwt7Uh2ghZIFUt82GVLZmw+2GV5wkwOwkn23oH+Tcwt7Uh9:PGdIvYfYebIhHh2FUt82Gx/+2Gc5JfYz
                      MD5:230E9CFA0505DB062B91E5690C61D750
                      SHA1:F20D40E88439CFABF653DFBE42FCAF78838EC09C
                      SHA-256:E33756D3BD59FC059638926A9EE80A033EDD610390C42579D8292A55D0E1690C
                      SHA-512:0754F6FF092688635778EF2ED7B671C08C9EF8C526E80F8B7FF881B3146C8A93562E1ABCB28DDD89F52D81F460957DDE636087659B8FE1B71E215838C55E8A53
                      Malicious:false
                      Preview:2024/09/04-19:57:53.103 1c34 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/09/04-19:57:53.105 1c34 Recovering log #3.2024/09/04-19:57:53.106 1c34 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                      Category:dropped
                      Size (bytes):8192
                      Entropy (8bit):0.01057775872642915
                      Encrypted:false
                      SSDEEP:3:MsFl:/F
                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):270336
                      Entropy (8bit):8.280239615765425E-4
                      Encrypted:false
                      SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                      MD5:D0D388F3865D0523E451D6BA0BE34CC4
                      SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                      SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                      SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):8192
                      Entropy (8bit):0.011852361981932763
                      Encrypted:false
                      SSDEEP:3:MsHlDll:/H
                      MD5:0962291D6D367570BEE5454721C17E11
                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):8192
                      Entropy (8bit):0.012340643231932763
                      Encrypted:false
                      SSDEEP:3:MsGl3ll:/y
                      MD5:41876349CB12D6DB992F1309F22DF3F0
                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                      Category:dropped
                      Size (bytes):524656
                      Entropy (8bit):5.027445846313988E-4
                      Encrypted:false
                      SSDEEP:3:Lsul7npl:LsAnpl
                      MD5:3CFAEBA4E2DEDB7C5E87A9A9A84E06DB
                      SHA1:FB60ED2E1DD4EED481B6FD28B125BED034B8D154
                      SHA-256:337F2518EFE7BD9F4BC20C733B5A707F19FDEE779613EB81DEAD54883E6A4821
                      SHA-512:BD706C6EDCEFD64974884528C910FB36020B41F89AD33F44052228EB837A6C21887129985167882212A3914D3FCFBFBBAA0D8820C1C1F88C7BE469E5FBC70FAD
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                      Category:dropped
                      Size (bytes):8192
                      Entropy (8bit):0.01057775872642915
                      Encrypted:false
                      SSDEEP:3:MsFl:/F
                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):270336
                      Entropy (8bit):0.0012471779557650352
                      Encrypted:false
                      SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                      MD5:F50F89A0A91564D0B8A211F8921AA7DE
                      SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                      SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                      SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):8192
                      Entropy (8bit):0.011852361981932763
                      Encrypted:false
                      SSDEEP:3:MsHlDll:/H
                      MD5:0962291D6D367570BEE5454721C17E11
                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):8192
                      Entropy (8bit):0.012340643231932763
                      Encrypted:false
                      SSDEEP:3:MsGl3ll:/y
                      MD5:41876349CB12D6DB992F1309F22DF3F0
                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                      Category:dropped
                      Size (bytes):262512
                      Entropy (8bit):9.553120663130604E-4
                      Encrypted:false
                      SSDEEP:3:LsNlKK/:Ls3R
                      MD5:1D22D89B2234CBA67F5D0A1CC066F25F
                      SHA1:291E1A8BEF2AF4FDFCEE6BD0CFF5C7DE095EEEF6
                      SHA-256:20492225C9579A74A8F27D874C97741663A8A3E4004D19EFC062568D2F19D690
                      SHA-512:BC0FC197148BA10B648BD889DDF4D4DAB745833F440BDE4C5703245FCDE7D2A6830CD6496378B96AB40AE20C6E6769A302331D25EF807AB7985E6498DBDF1273
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):270336
                      Entropy (8bit):0.0012471779557650352
                      Encrypted:false
                      SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                      MD5:F50F89A0A91564D0B8A211F8921AA7DE
                      SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                      SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                      SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):432
                      Entropy (8bit):5.247760225097564
                      Encrypted:false
                      SSDEEP:12:PGtQ+vYfYebvqBQFUt82GASg/+2GEpQV5JfYebvqBvJ:e5YfYebvZg81eSJfYebvk
                      MD5:C1ECE2F82F893160B6F4B45C32CEFECF
                      SHA1:65D9FA70DBF7A570D39C5B9580573087E3AA19AD
                      SHA-256:BDBDE0715475E7F09B66CC4A4682514A5107B21D8A7BA8328F89C0627B3BFC00
                      SHA-512:6A8FAA67A6BF5BEF56752A669EBA8C8BED2DDA394DE4324AA86978CA0CFFAB2476C6793C0F268F248000AF8388C8BF3E250E9C337BE6AB94DD754E7D7E47484C
                      Malicious:false
                      Preview:2024/09/04-19:57:54.445 1e7c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/09/04-19:57:54.447 1e7c Recovering log #3.2024/09/04-19:57:54.451 1e7c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):432
                      Entropy (8bit):5.247760225097564
                      Encrypted:false
                      SSDEEP:12:PGtQ+vYfYebvqBQFUt82GASg/+2GEpQV5JfYebvqBvJ:e5YfYebvZg81eSJfYebvk
                      MD5:C1ECE2F82F893160B6F4B45C32CEFECF
                      SHA1:65D9FA70DBF7A570D39C5B9580573087E3AA19AD
                      SHA-256:BDBDE0715475E7F09B66CC4A4682514A5107B21D8A7BA8328F89C0627B3BFC00
                      SHA-512:6A8FAA67A6BF5BEF56752A669EBA8C8BED2DDA394DE4324AA86978CA0CFFAB2476C6793C0F268F248000AF8388C8BF3E250E9C337BE6AB94DD754E7D7E47484C
                      Malicious:false
                      Preview:2024/09/04-19:57:54.445 1e7c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/09/04-19:57:54.447 1e7c Recovering log #3.2024/09/04-19:57:54.451 1e7c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2
                      Entropy (8bit):1.0
                      Encrypted:false
                      SSDEEP:3:H:H
                      MD5:D751713988987E9331980363E24189CE
                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                      Malicious:false
                      Preview:[]
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):111
                      Entropy (8bit):4.718418993774295
                      Encrypted:false
                      SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                      MD5:285252A2F6327D41EAB203DC2F402C67
                      SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                      SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                      SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                      Malicious:false
                      Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):193
                      Entropy (8bit):4.864047146590611
                      Encrypted:false
                      SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                      MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                      SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                      SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                      SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                      Malicious:false
                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):193
                      Entropy (8bit):4.864047146590611
                      Encrypted:false
                      SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                      MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                      SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                      SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                      SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                      Malicious:false
                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                      Category:dropped
                      Size (bytes):36864
                      Entropy (8bit):0.555790634850688
                      Encrypted:false
                      SSDEEP:48:TsIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB:QIEumQv8m1ccnvS6
                      MD5:0247E46DE79B6CD1BF08CAF7782F7793
                      SHA1:B3A63ED5BE3D8EC6E3949FC5E2D21D97ACC873A6
                      SHA-256:AAD0053186875205E014AB98AE8C18A6233CB715DD3AF44E7E8EB259AEAB5EEA
                      SHA-512:148804598D2A9EA182BD2ADC71663D481F88683CE3D672CE12A43E53B0D34FD70458BE5AAA781B20833E963804E7F4562855F2D18F7731B7C2EAEA5D6D52FBB6
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................O}.........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2
                      Entropy (8bit):1.0
                      Encrypted:false
                      SSDEEP:3:H:H
                      MD5:D751713988987E9331980363E24189CE
                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                      Malicious:false
                      Preview:[]
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2
                      Entropy (8bit):1.0
                      Encrypted:false
                      SSDEEP:3:H:H
                      MD5:D751713988987E9331980363E24189CE
                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                      Malicious:false
                      Preview:[]
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2
                      Entropy (8bit):1.0
                      Encrypted:false
                      SSDEEP:3:H:H
                      MD5:D751713988987E9331980363E24189CE
                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                      Malicious:false
                      Preview:[]
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):40
                      Entropy (8bit):4.1275671571169275
                      Encrypted:false
                      SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                      MD5:20D4B8FA017A12A108C87F540836E250
                      SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                      SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                      SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                      Malicious:false
                      Preview:{"SDCH":{"dictionaries":{},"version":2}}
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):36864
                      Entropy (8bit):0.36515621748816035
                      Encrypted:false
                      SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                      MD5:25363ADC3C9D98BAD1A33D0792405CBF
                      SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                      SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                      SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.......X..g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):40
                      Entropy (8bit):4.1275671571169275
                      Encrypted:false
                      SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                      MD5:20D4B8FA017A12A108C87F540836E250
                      SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                      SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                      SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                      Malicious:false
                      Preview:{"SDCH":{"dictionaries":{},"version":2}}
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2
                      Entropy (8bit):1.0
                      Encrypted:false
                      SSDEEP:3:H:H
                      MD5:D751713988987E9331980363E24189CE
                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                      Malicious:false
                      Preview:[]
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2
                      Entropy (8bit):1.0
                      Encrypted:false
                      SSDEEP:3:H:H
                      MD5:D751713988987E9331980363E24189CE
                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                      Malicious:false
                      Preview:[]
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):80
                      Entropy (8bit):3.4921535629071894
                      Encrypted:false
                      SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                      MD5:69449520FD9C139C534E2970342C6BD8
                      SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                      SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                      SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                      Malicious:false
                      Preview:*...#................version.1..namespace-..&f.................&f...............
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):420
                      Entropy (8bit):5.266025126219555
                      Encrypted:false
                      SSDEEP:12:PYyDQ+vYfYebvqBZFUt82YaZg/+2YfQV5JfYebvqBaJ:j5YfYebvyg8MZvSJfYebvL
                      MD5:728639394B294D67393873556D40C129
                      SHA1:3A9B00C70A4F52AF920D86135CFC4CB5F97647E5
                      SHA-256:03189B9401CC6F937EC50BC8FE4D64B435B76E340B01EB92843241C1EDB5F1E0
                      SHA-512:1DCA26FD494D7E3BA6948117C44F4B0C21AEF2B5BD850844F6568126DF55FB618062FF7CAC4E283F7BEDA454382AC835EF896141620058A03621692EB8DA5BF9
                      Malicious:false
                      Preview:2024/09/04-19:58:09.959 1e7c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/09/04-19:58:09.960 1e7c Recovering log #3.2024/09/04-19:58:09.963 1e7c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):326
                      Entropy (8bit):5.24851639971916
                      Encrypted:false
                      SSDEEP:6:PGbojOq2Pwkn23oH+TcwtpIFUt82Gb9+hZmw+2Gb9+7kwOwkn23oH+Tcwta/WLJ:PGboKvYfYebmFUt82Gbc/+2Gbc5JfYev
                      MD5:4C004A2EAF8B9F7A0B6A668CFFA54663
                      SHA1:2BAE24D36A74F8104C3B454ADD5F1C1BCC92CEBD
                      SHA-256:4997EF123BAB241FC22E4C19CC5537641B2DC6705CC2B3CE8A889D02D28168C6
                      SHA-512:15A08CFB0EA874A5F76D39EAEBB9D0D320BD4892761369B1EFB9FC2D4D6998E31EDF43FD309C3F69C690C337DEAA9011573DFBCA20AEDEF8F53F78C2C2C01B65
                      Malicious:false
                      Preview:2024/09/04-19:57:52.527 1c30 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/09/04-19:57:52.536 1c30 Recovering log #3.2024/09/04-19:57:52.536 1c30 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, 1st free page 5, free pages 2, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                      Category:dropped
                      Size (bytes):28672
                      Entropy (8bit):0.26707851465859517
                      Encrypted:false
                      SSDEEP:12:TLPp5yN8h6MvDOH+FxOUwa5qVZ7Nkl25Pe2d:TLh8Gxk+6Uwc8NlYC
                      MD5:04F8B790DF73BD7CD01238F4681C3F44
                      SHA1:DF12D0A21935FC01B36A24BF72AB9640FEBB2077
                      SHA-256:96BD789329E46DD9D83002DC40676922A48A3601BF4B5D7376748B34ECE247A0
                      SHA-512:0DD492C371D310121F7FD57D29F8CE92AA2536A74923AC27F9C4C0C1580C849D7779348FC80410DEBB5EEE14F357EBDF33BF670D1E7B6CCDF15D69AC127AB7C3
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):131072
                      Entropy (8bit):0.005506126367400777
                      Encrypted:false
                      SSDEEP:3:ImtVx//l/9yNj2RW/yE/l:IiVt/wjqWqEt
                      MD5:D7AD4C9DF6F75BAD7CEF0616C7E307C7
                      SHA1:914D2FB5E0D2B1001D011CF608C2D94F014CC8F3
                      SHA-256:147A2780BF3D8CAA813F3E0AA42CFE9009A1E58F554E96085D70FBC49589EF98
                      SHA-512:D00D6A12FB4B1F2517C67E1FE6ECA3B68FD2F689E430278554837878E5009ACFEE8F6E1614952B1009677C2B041B80FB4329E13CDC24AE5158D17DF00D6D8160
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 89, cookie 0x66, schema 4, UTF-8, version-valid-for 5
                      Category:dropped
                      Size (bytes):184320
                      Entropy (8bit):1.066991475774723
                      Encrypted:false
                      SSDEEP:192:QSqzWMMUfTBnGCTjHbRJkkqtXaWTK+hGgH+6e7EHVumYWVn6:QrzWMffFnzkkqtXnTK+hNH+5EVumj
                      MD5:1B8EEB5D40AAAA156DEB816E29429886
                      SHA1:EEE4CD83C6B6FDBE9EAA726A66C67FE157AD613B
                      SHA-256:8D07E61D063B465A86ACBA191CF26A44655AADBA2C6A52D7A60C49E95B32DEE1
                      SHA-512:9AF2CAEAD0A93F0B0C13893885A942AEEB792BEA5711C343886D8AA8DE6020075C31D8A05F914182F042A8066C27C4589A60A0DF55BE1E9A44EBC1CC4CDF0E97
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 10
                      Category:dropped
                      Size (bytes):14336
                      Entropy (8bit):1.4223434234508736
                      Encrypted:false
                      SSDEEP:48:uOK3tjkSdj5IUltGhp22iSBgk2Ry4iTGZv2Ry4iTGnxj/:PtSjGhp22iS4nYnR
                      MD5:8B78874EFDC70891BC8273541C56EC48
                      SHA1:A0FC3CB7C0570181E29E05A0AF2A90D61EFA0E8E
                      SHA-256:3739DA012344B8B6F3D2A13350679128F786739038642A53CEDE3F50F8474FFE
                      SHA-512:861A4F6BF58A69643E54DD76F3556E39FC838BFA69E274ED5282A035203AE0AA35B2E69670E059D169971C3BD1DAFD40D08B14D30AEF70F2547508BD433C14F9
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):40960
                      Entropy (8bit):0.41235120905181716
                      Encrypted:false
                      SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB:v7doKsKuKZKlZNmu46yjx
                      MD5:981F351994975A68A0DD3ECE5E889FD0
                      SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                      SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                      SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                      Category:dropped
                      Size (bytes):11755
                      Entropy (8bit):5.190465908239046
                      Encrypted:false
                      SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                      MD5:07301A857C41B5854E6F84CA00B81EA0
                      SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                      SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                      SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                      Malicious:false
                      Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):13519
                      Entropy (8bit):5.246503963743186
                      Encrypted:false
                      SSDEEP:192:sVyJ9pQTryZiuaba4uy1JSwnYEzn7YQ3e8fpj+FyjQAT9d1f:sVyLAJu2JSwYEzxpUqQiB
                      MD5:9F581CD7FF2151CBC9E67010E09315EA
                      SHA1:F7C07C0F126EB8F3E5F4098B7EF510D13F292631
                      SHA-256:BE7A85EAB626CA3977F8D04377F78584DD943AFAA1D1F57A484BC69A1653AD28
                      SHA-512:67CFFF99AF6E5C6BADB51952742450F07B5BAE30D3CC33157CEBE4F075C1454454DA3496EAB5B78EDE12B3CF7A04748EBC3EA8CF35FEB1C2E2682D697DA00C7E
                      Malicious:false
                      Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369967873572602","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):28672
                      Entropy (8bit):0.3410017321959524
                      Encrypted:false
                      SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                      MD5:98643AF1CA5C0FE03CE8C687189CE56B
                      SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                      SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                      SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                      Category:dropped
                      Size (bytes):16384
                      Entropy (8bit):0.35226517389931394
                      Encrypted:false
                      SSDEEP:12:TLC+waBg9LBgVDBgQjiZBgKuFtuQkMbmgcVAzO5kMCgGUg5OR:TLPdBgtBgJBgQjiZS53uQFE27MCgGZsR
                      MD5:D2CCDC36225684AAE8FA563AFEDB14E7
                      SHA1:3759649035F23004A4C30A14C5F0B54191BEBF80
                      SHA-256:080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
                      SHA-512:1A915AF643D688CA68AEDC1FF26C407D960D18DFDE838B417C437D7ADAC7B91C906E782DCC414784E64287915BD1DE5BB6A282E59AA9FEB8C384B4D4BC5F70EC
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):32768
                      Entropy (8bit):0.09745589267557546
                      Encrypted:false
                      SSDEEP:6:G9l/u8fnjIl/u8fn5X9XHl/Vl/Unkl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/VlG:CtL8tLRdFnnnnnnnnnnnnnnpEo
                      MD5:3A9A1567595084B6558CF6E53F0323D4
                      SHA1:C6CDF5626039B41AA4909EC12F1BC7CF7634420F
                      SHA-256:81E46D2828B8813C7BF308449EAC03E0073C69F19C4D4FD7A6C10A987C6B3527
                      SHA-512:8BC46E172F699B7CF06EC4EBB3BEC3E0A811C23148562E8BE6EB54A05880A2D81EDF4FE91030CF562572F277499B0FF5C39EB75986A64BCF10E75D8B8414B8C3
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:SQLite Write-Ahead Log, version 3007000
                      Category:dropped
                      Size (bytes):296672
                      Entropy (8bit):1.0147558661985407
                      Encrypted:false
                      SSDEEP:384:7aCH+IeEjKFJbqZJu4kbKWM0SwZW8/QmfZWSv//c:7aKeEjKFJbqZJu4kbHMFYQ9SHE
                      MD5:2AD9B19BDA8C118149689BE5B0D9C19D
                      SHA1:C81D4FCEA82480711A4DF5261D9A78AEE1D4F26F
                      SHA-256:472C8B26FC96E1795926210A3081DA0AB02A6B3DA3D7CF079A3953EF63C91506
                      SHA-512:F73F56398C9F268D27FB82C4446EB7B0BB2EB737BE7E4EA87FB19FAD81ADB2221B0F478DD4A2F661BA3F245A5588935D7BB6A049651E22ECC0C301A2E8A4A103
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):16
                      Entropy (8bit):3.2743974703476995
                      Encrypted:false
                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                      MD5:46295CAC801E5D4857D09837238A6394
                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                      Malicious:false
                      Preview:MANIFEST-000001.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:modified
                      Size (bytes):250
                      Entropy (8bit):3.6808918782369986
                      Encrypted:false
                      SSDEEP:3:VVXntjQPEnjQRiil3seGKT9rcQ6xzCEOtlTxotlTxotlTxotlTxotlTxotlTxotl:/XntM+sl3sedhOzCEOuuuuuu
                      MD5:C5C06F593A140A0261AC04A0F71FDFF7
                      SHA1:90C713715ADC8DC6C9E4AD8EE7DE5541CC872010
                      SHA-256:7BB2E6B994397651806665FF61AB5FAB55B1A38A353BC95FA35A85EB9B976348
                      SHA-512:189F1D3A309E93BC4007408B3D7B125A938CD380866CFEDE6E90FD9AEEEB81FBC8B3CA50E09B862DAD1041018B6E8D08409D1F12C93428B3197E99869913194A
                      Malicious:false
                      Preview:A..r.................20_1_1...1.,U.................20_1_1...1c...0................39_config..........6.....n ....1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):281
                      Entropy (8bit):5.253171427275091
                      Encrypted:false
                      SSDEEP:6:PGTJm1wkn23oH+Tcwtfrl2KLllGTNDM+q2Pwkn23oH+TcwtfrK+IFUv:PGTXfYeb1LnGTm+vYfYeb23FUv
                      MD5:41268F7A9AA2827E42FB3884F3BEA19C
                      SHA1:96937C81DBB9D9CDB61F5CEA94FA1A521ABBBEF5
                      SHA-256:8E02A18352DF23040CF973C7E67AAE5D3456B3C86EA59AA15D36D85F53155A8F
                      SHA-512:5E26C0AD3F189A9B9FA1998AFFF473160A1D307DF3C6FAFA6E841145A2DC8D99FA0AB0030F8351E2EB134C6A8B0F09F8F3EF88BA1A3FBC89D95E76D3376C87D6
                      Malicious:false
                      Preview:2024/09/04-19:57:53.761 1c1c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db since it was missing..2024/09/04-19:57:53.770 1c1c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:OpenPGP Secret Key
                      Category:dropped
                      Size (bytes):41
                      Entropy (8bit):4.704993772857998
                      Encrypted:false
                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                      Malicious:false
                      Preview:.|.."....leveldb.BytewiseComparator......
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):617
                      Entropy (8bit):3.9325179151892424
                      Encrypted:false
                      SSDEEP:12:G0nYUteza//z3p/Uz0RuWlJhC+lvBavRtin01zv0:G0nYUtezaD3RUovhC+lvBOL0
                      MD5:AD15D72AA4792C14DDD002CED70E8245
                      SHA1:30D0E75166FDA7126A73480EE3222C193231B579
                      SHA-256:17A781FB31D3176491D9B277ADEEE5521972C68956A2271637BBCBFEB27D6A7D
                      SHA-512:20B8D19B529A392FE0CBB44844926210D98C477498377B8370AA3A3A763C047EF96BE341686406522868EF848C83EF5EF4792B17CDD0462D4680EDA542C8A54F
                      Malicious:false
                      Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................21_.....n[.=.................33_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.|.................9_.....'\c..................9_.....
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):299
                      Entropy (8bit):5.220208806453859
                      Encrypted:false
                      SSDEEP:6:PGGm1wkn23oH+Tcwtfrzs52KLllGTgDM+q2Pwkn23oH+TcwtfrzAdIFUv:PGGhfYebs9LnGTd+vYfYeb9FUv
                      MD5:3D06F996C418B8C3D14FB3A2CC3491E9
                      SHA1:9182A9400AEA37C590A1BF02D5BC458293D36F5A
                      SHA-256:A0937BBD5CDEE972CAF85C25D06EC64DC91831DDBB68E45F00226CA29F154378
                      SHA-512:D8EF9D17ACABE04B2000A7CB0AB7905C3A4581C7BE18F0785F92C929C212CF74D43017620E5B6BAF969160CE574EFAAAB6032B6EC0A7C7F9E67E744027FD7071
                      Malicious:false
                      Preview:2024/09/04-19:57:53.649 1c1c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata since it was missing..2024/09/04-19:57:53.757 1c1c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:OpenPGP Secret Key
                      Category:dropped
                      Size (bytes):41
                      Entropy (8bit):4.704993772857998
                      Encrypted:false
                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                      Malicious:false
                      Preview:.|.."....leveldb.BytewiseComparator......
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                      Category:dropped
                      Size (bytes):8192
                      Entropy (8bit):0.01057775872642915
                      Encrypted:false
                      SSDEEP:3:MsFl:/F
                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):270336
                      Entropy (8bit):8.280239615765425E-4
                      Encrypted:false
                      SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                      MD5:D0D388F3865D0523E451D6BA0BE34CC4
                      SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                      SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                      SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):8192
                      Entropy (8bit):0.011852361981932763
                      Encrypted:false
                      SSDEEP:3:MsHlDll:/H
                      MD5:0962291D6D367570BEE5454721C17E11
                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):8192
                      Entropy (8bit):0.012340643231932763
                      Encrypted:false
                      SSDEEP:3:MsGl3ll:/y
                      MD5:41876349CB12D6DB992F1309F22DF3F0
                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                      Category:dropped
                      Size (bytes):262512
                      Entropy (8bit):9.553120663130604E-4
                      Encrypted:false
                      SSDEEP:3:LsNlz+:Ls3z+
                      MD5:11AFC7C55C60CE53CF07BD92EABF836B
                      SHA1:4BA3842522CCB5AEAD35D1DB38978E178EED381D
                      SHA-256:89817D893775EC2E7BCCF2A812B04FD41B1F673240BC3592B4FF2F41C9EF37CC
                      SHA-512:AA47D02D7B05BD9C336BCA231016C8CD478DF0C309FCD998C579AE3F9982FB79F07237E8C4E0DF31F8B5041FBDA087C6E1B663A368A11BDF2C593A697A1E2128
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                      Category:dropped
                      Size (bytes):262512
                      Entropy (8bit):9.553120663130604E-4
                      Encrypted:false
                      SSDEEP:3:LsNlkpl:Ls3I
                      MD5:CE6E3CB04937EDEF0257AF0E095B927D
                      SHA1:38655A48CD325C1EB955FBC02DE7A32D25561743
                      SHA-256:B04E4639B96530681D141899152EDE98CEE15FF5E6F38E5B777AC37EE774B444
                      SHA-512:3EAB356A0EC8338755FA7597BE8A20C0FBA0F06CB0516CDAED506C278D8F064093361F583DD9AEC74F20DBF8892E979E1706AE6992CE5A388F7EA99C1157E350
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):120
                      Entropy (8bit):3.32524464792714
                      Encrypted:false
                      SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                      MD5:A397E5983D4A1619E36143B4D804B870
                      SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                      SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                      SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                      Malicious:false
                      Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text, with no line terminators
                      Category:dropped
                      Size (bytes):13
                      Entropy (8bit):2.7192945256669794
                      Encrypted:false
                      SSDEEP:3:NYLFRQI:ap2I
                      MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                      SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                      SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                      SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                      Malicious:false
                      Preview:117.0.2045.47
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):6820
                      Entropy (8bit):5.793014065293536
                      Encrypted:false
                      SSDEEP:96:iaqkHfngnl75ih/cI9URLl8RotoiWMFVvlwhLe4IbONIeTC6XQS0qGqk+Z4uj+rJ:akPVeiRUV6hN6qRAq1k8SPxVLZ7VTiq
                      MD5:0CC9CD5DA224965BE701FDF5F4AB68C8
                      SHA1:4692DAD1D3DCA5017D7C8DECA22523F7859C130F
                      SHA-256:521F52979B64A89B9E44239BDB813CB871ABB25C4E8362DD159EFA4B7C52A3A0
                      SHA-512:C334C7B4291DFBFB28D1C44664C21164413D7B84CB6A3AC8B343CEF7C5260BCEFCD15BBB21B96A7006BE82D0DE4170B051DFF79C6FF4D9875F3CEBBD9C1A7073
                      Malicious:false
                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADMAf3TwCT2SYQk2IpWsQysEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAABBuiD9II39cGcOiJaBnvTA1Lb2SkPB6KPG9SJkyx/SxQAAAAA
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):6820
                      Entropy (8bit):5.793014065293536
                      Encrypted:false
                      SSDEEP:96:iaqkHfngnl75ih/cI9URLl8RotoiWMFVvlwhLe4IbONIeTC6XQS0qGqk+Z4uj+rJ:akPVeiRUV6hN6qRAq1k8SPxVLZ7VTiq
                      MD5:0CC9CD5DA224965BE701FDF5F4AB68C8
                      SHA1:4692DAD1D3DCA5017D7C8DECA22523F7859C130F
                      SHA-256:521F52979B64A89B9E44239BDB813CB871ABB25C4E8362DD159EFA4B7C52A3A0
                      SHA-512:C334C7B4291DFBFB28D1C44664C21164413D7B84CB6A3AC8B343CEF7C5260BCEFCD15BBB21B96A7006BE82D0DE4170B051DFF79C6FF4D9875F3CEBBD9C1A7073
                      Malicious:false
                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADMAf3TwCT2SYQk2IpWsQysEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAABBuiD9II39cGcOiJaBnvTA1Lb2SkPB6KPG9SJkyx/SxQAAAAA
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):6820
                      Entropy (8bit):5.793014065293536
                      Encrypted:false
                      SSDEEP:96:iaqkHfngnl75ih/cI9URLl8RotoiWMFVvlwhLe4IbONIeTC6XQS0qGqk+Z4uj+rJ:akPVeiRUV6hN6qRAq1k8SPxVLZ7VTiq
                      MD5:0CC9CD5DA224965BE701FDF5F4AB68C8
                      SHA1:4692DAD1D3DCA5017D7C8DECA22523F7859C130F
                      SHA-256:521F52979B64A89B9E44239BDB813CB871ABB25C4E8362DD159EFA4B7C52A3A0
                      SHA-512:C334C7B4291DFBFB28D1C44664C21164413D7B84CB6A3AC8B343CEF7C5260BCEFCD15BBB21B96A7006BE82D0DE4170B051DFF79C6FF4D9875F3CEBBD9C1A7073
                      Malicious:false
                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADMAf3TwCT2SYQk2IpWsQysEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAABBuiD9II39cGcOiJaBnvTA1Lb2SkPB6KPG9SJkyx/SxQAAAAA
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):6820
                      Entropy (8bit):5.793014065293536
                      Encrypted:false
                      SSDEEP:96:iaqkHfngnl75ih/cI9URLl8RotoiWMFVvlwhLe4IbONIeTC6XQS0qGqk+Z4uj+rJ:akPVeiRUV6hN6qRAq1k8SPxVLZ7VTiq
                      MD5:0CC9CD5DA224965BE701FDF5F4AB68C8
                      SHA1:4692DAD1D3DCA5017D7C8DECA22523F7859C130F
                      SHA-256:521F52979B64A89B9E44239BDB813CB871ABB25C4E8362DD159EFA4B7C52A3A0
                      SHA-512:C334C7B4291DFBFB28D1C44664C21164413D7B84CB6A3AC8B343CEF7C5260BCEFCD15BBB21B96A7006BE82D0DE4170B051DFF79C6FF4D9875F3CEBBD9C1A7073
                      Malicious:false
                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADMAf3TwCT2SYQk2IpWsQysEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAABBuiD9II39cGcOiJaBnvTA1Lb2SkPB6KPG9SJkyx/SxQAAAAA
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):6820
                      Entropy (8bit):5.793014065293536
                      Encrypted:false
                      SSDEEP:96:iaqkHfngnl75ih/cI9URLl8RotoiWMFVvlwhLe4IbONIeTC6XQS0qGqk+Z4uj+rJ:akPVeiRUV6hN6qRAq1k8SPxVLZ7VTiq
                      MD5:0CC9CD5DA224965BE701FDF5F4AB68C8
                      SHA1:4692DAD1D3DCA5017D7C8DECA22523F7859C130F
                      SHA-256:521F52979B64A89B9E44239BDB813CB871ABB25C4E8362DD159EFA4B7C52A3A0
                      SHA-512:C334C7B4291DFBFB28D1C44664C21164413D7B84CB6A3AC8B343CEF7C5260BCEFCD15BBB21B96A7006BE82D0DE4170B051DFF79C6FF4D9875F3CEBBD9C1A7073
                      Malicious:false
                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADMAf3TwCT2SYQk2IpWsQysEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAABBuiD9II39cGcOiJaBnvTA1Lb2SkPB6KPG9SJkyx/SxQAAAAA
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                      Category:dropped
                      Size (bytes):20480
                      Entropy (8bit):0.5963118027796015
                      Encrypted:false
                      SSDEEP:12:TLyeuAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isTydBVzQd9U9ez/qS9i:TLyXOUOq0afDdWec9sJz+Z7J5fc
                      MD5:48A6A0713B06707BC2FE9A0F381748D3
                      SHA1:043A614CFEF749A49837F19F627B9D6B73F15039
                      SHA-256:2F2006ADEA26E5FF95198883A080C9881D774154D073051FC69053AF912B037B
                      SHA-512:4C04FFAE2B558EB4C05AD9DCA094700D927AFAD1E561D6358F1A77CB09FC481A6424237DFF6AB37D147E029E19D565E876CD85A2E9C0EC1B068002AA13A16DBA
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):2031377
                      Entropy (8bit):4.00153895123396
                      Encrypted:false
                      SSDEEP:49152:fgPh2N/MR+DgVFIlq6hSN7X4Vrg+k+lzlVSf4YVxeUOolcKRayjH09bnwBXQ0a/j:/
                      MD5:8F0D40FC94902F900854833AC537AE3E
                      SHA1:1C7F3F05D1B60A4CF6DE0113951A58446E417BCA
                      SHA-256:56AAC9AB4105D68B27B94448279209D480C36FF0D1DECE41E1CFCADD2D4C8776
                      SHA-512:E871589B59D620214338763EA2BBE968C44F96D92D1BEE9E3267F8986C6B858D65157AE320E6F7F90D696BF14F2FD3E9D613663C30F03F64BA28802A33089B47
                      Malicious:false
                      Preview:.........{ .*..{.....{. ...{aaaaagfgdnjcdkncmfkfinnjaiapdblgaaaaaogokkamlflcoccdihncmbgcmflnaaaaaoipnhppjgickhnmdbgfbicakiamaaaaapdcjfaomkafnbpoclmfakjianjdaaaaapiecopgelmleoolpjapkgpglkcbaaaabcdhikdcpainmmjceakmkacogdkoaaaabdgnnajpalbdkkdnknbbbmndbilaaaaabfkbnfjnjldicllofdmjchdancccaaaabgphkbebbdbcibgbppdidkelfoigaaaabibhgjnbdelbcijfciclijhdkgohaaaabmldebjdieoplgdecloipkabiibcaaaaboojhahjgdjeknnemneiajjhhddiaaaabpccljmmhilhhndnjkobdedbpkjpaaaacmnkhlfjgehagffhnhdjfankefglaaaacnnimempmlomnnhdkimkfahjplfpaaaadbhonifkcheeddllhmpapnhcpgiaaaaadbkccgigjdmfmdhgikcckicldhjbaaaadbolalgmogecpogmlebfkpigmpdjaaaaehbfjkafkfgppkjageehakfakfbmaaaaehbppmedegafehiimempeifadcinaaaageoepbmnopkkfeadndbijdghellgaaaagfdmgcibcnlmgiipapnfocaocfneaaaagjojmcedjoignaljgmnihajfhhlpaaaaglldojfgdeaijnfefaggkfjekomeaaaaiihjniipljfegaknmbkneamnoajdaaaainjigbjlofcjekbnjnpiegecbnbaaaaaiognmpgbjoffachmpnnppfnokcbeaaaajcpbcbckoiafnblkdhnldokclbhiaaaajfoihhopfmnlhlnlhogjonmllocoaaaajhoimomebpcfopjpgkbbjdnldoihaaaakdafje
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                      Category:dropped
                      Size (bytes):8192
                      Entropy (8bit):0.01057775872642915
                      Encrypted:false
                      SSDEEP:3:MsFl:/F
                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):270336
                      Entropy (8bit):8.280239615765425E-4
                      Encrypted:false
                      SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                      MD5:D0D388F3865D0523E451D6BA0BE34CC4
                      SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                      SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                      SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):8192
                      Entropy (8bit):0.011852361981932763
                      Encrypted:false
                      SSDEEP:3:MsHlDll:/H
                      MD5:0962291D6D367570BEE5454721C17E11
                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):8192
                      Entropy (8bit):0.012340643231932763
                      Encrypted:false
                      SSDEEP:3:MsGl3ll:/y
                      MD5:41876349CB12D6DB992F1309F22DF3F0
                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                      Category:dropped
                      Size (bytes):262512
                      Entropy (8bit):9.553120663130604E-4
                      Encrypted:false
                      SSDEEP:3:LsNlQ5p/:Ls3Q
                      MD5:5699A1A3ABBD7434D1D89C986E1BBA5D
                      SHA1:DD611DF0F1E602FDFB96C255E0F8D3EDD03A663F
                      SHA-256:BED9F4EEEE5F2E30E03EEBAF009360BE7E4C8F2AB7CE0C998E9CB06EC251A00A
                      SHA-512:E1BA51B59A0D08D3C247E0E1FCCA5F00A367226D2C24DC756125FB17A3133AF3BAC76A4D0CEFECD4C94094926B3CA52FD005C91637AB7F0351298C02C033E71D
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text, with no line terminators
                      Category:dropped
                      Size (bytes):47
                      Entropy (8bit):4.3818353308528755
                      Encrypted:false
                      SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                      MD5:48324111147DECC23AC222A361873FC5
                      SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                      SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                      SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                      Malicious:false
                      Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):35
                      Entropy (8bit):4.014438730983427
                      Encrypted:false
                      SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                      MD5:BB57A76019EADEDC27F04EB2FB1F1841
                      SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                      SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                      SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                      Malicious:false
                      Preview:{"forceServiceDetermination":false}
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text, with no line terminators
                      Category:dropped
                      Size (bytes):29
                      Entropy (8bit):3.922828737239167
                      Encrypted:false
                      SSDEEP:3:2NGw+K+:fwZ+
                      MD5:7BAAFE811F480ACFCCCEE0D744355C79
                      SHA1:24B89AE82313084BB8BBEB9AD98A550F41DF7B27
                      SHA-256:D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
                      SHA-512:70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
                      Malicious:false
                      Preview:customSynchronousLookupUris_0
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):35302
                      Entropy (8bit):7.99333285466604
                      Encrypted:true
                      SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                      MD5:0E06E28C3536360DE3486B1A9E5195E8
                      SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                      SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                      SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text, with no line terminators
                      Category:dropped
                      Size (bytes):18
                      Entropy (8bit):3.5724312513221195
                      Encrypted:false
                      SSDEEP:3:kDnaV6bVon:kDYa2
                      MD5:5692162977B015E31D5F35F50EFAB9CF
                      SHA1:705DC80E8B32AC8B68F7E13CF8A75DCCB251ED7D
                      SHA-256:42CCB5159B168DBE5D5DDF026E5F7ED3DBF50873CFE47C7C3EF0677BB07B90D4
                      SHA-512:32905A4CC5BCE0FE8502DDD32096F40106625218BEDC4E218A344225D6DF2595A7B70EEB3695DCEFDD894ECB2B66BED479654E8E07F02526648E07ACFE47838C
                      Malicious:false
                      Preview:edgeSettings_2.0-0
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):3581
                      Entropy (8bit):4.459693941095613
                      Encrypted:false
                      SSDEEP:96:JTMhnytNaSA4BOsNQNhnUZTFGKDIWHCgL5tfHaaJzRHF+P1sYmnfHUdT+GWBH7Y/:KyMot7vjFU
                      MD5:BDE38FAE28EC415384B8CFE052306D6C
                      SHA1:3019740AF622B58D573C00BF5C98DD77F3FBB5CD
                      SHA-256:1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
                      SHA-512:9C369D69298EBF087412EDA782EE72AFE5448FD0D69EA5141C2744EA5F6C36CDF70A51845CDC174838BAC0ADABDFA70DF6AEDBF6E7867578AE7C4B7805A8B55E
                      Malicious:false
                      Preview:{"models":[],"geoidMaps":{"gw_my":"https://malaysia.smartscreen.microsoft.com/","gw_tw":"https://taiwan.smartscreen.microsoft.com/","gw_at":"https://austria.smartscreen.microsoft.com/","gw_es":"https://spain.smartscreen.microsoft.com/","gw_pl":"https://poland.smartscreen.microsoft.com/","gw_se":"https://sweden.smartscreen.microsoft.com/","gw_kr":"https://southkorea.smartscreen.microsoft.com/","gw_br":"https://brazil.smartscreen.microsoft.com/","au":"https://australia.smartscreen.microsoft.com/","dk":"https://denmark.smartscreen.microsoft.com/","gw_sg":"https://singapore.smartscreen.microsoft.com/","gw_fr":"https://france.smartscreen.microsoft.com/","gw_ca":"https://canada.smartscreen.microsoft.com/","test":"https://eu-9.smartscreen.microsoft.com/","gw_il":"https://israel.smartscreen.microsoft.com/","gw_au":"https://australia.smartscreen.microsoft.com/","gw_ffl4mod":"https://unitedstates4.ss.wd.microsoft.us/","gw_ffl4":"https://unitedstates1.ss.wd.microsoft.us/","gw_eu":"https://europe.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text, with no line terminators
                      Category:dropped
                      Size (bytes):47
                      Entropy (8bit):4.493433469104717
                      Encrypted:false
                      SSDEEP:3:kfKbQSQSuLA5:kyUc5
                      MD5:3F90757B200B52DCF5FDAC696EFD3D60
                      SHA1:569A2E1BED9ECCDF7CD03E270AEF2BD7FF9B0E77
                      SHA-256:1EE63F0A3502CFB7DF195FABBA41A7805008AB2CCCDAEB9AF990409D163D60C8
                      SHA-512:39252BBAA33130DF50F36178A8EAB1D09165666D8A229FBB3495DD01CBE964F87CD2E6FCD479DFCA36BE06309EF18FEDA7F14722C57545203BBA24972D4835C8
                      Malicious:false
                      Preview:synchronousLookupUris_636976985063396749.rel.v2
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):35302
                      Entropy (8bit):7.99333285466604
                      Encrypted:true
                      SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                      MD5:0E06E28C3536360DE3486B1A9E5195E8
                      SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                      SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                      SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text, with no line terminators
                      Category:dropped
                      Size (bytes):50
                      Entropy (8bit):3.9904355005135823
                      Encrypted:false
                      SSDEEP:3:0xXF/XctY5GUf+:0RFeUf+
                      MD5:E144AFBFB9EE10479AE2A9437D3FC9CA
                      SHA1:5AAAC173107C688C06944D746394C21535B0514B
                      SHA-256:EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
                      SHA-512:837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
                      Malicious:false
                      Preview:topTraffic_170540185939602997400506234197983529371
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):575056
                      Entropy (8bit):7.999649474060713
                      Encrypted:true
                      SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                      MD5:BE5D1A12C1644421F877787F8E76642D
                      SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                      SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                      SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):86
                      Entropy (8bit):4.389669793590032
                      Encrypted:false
                      SSDEEP:3:YQ3JYq9xSs0dMEJAELJ25AmIpozQOn:YQ3Kq9X0dMgAEiLIMn
                      MD5:03B6D5E81A4DC4D4E6C27BE1E932B9D9
                      SHA1:3C5EF0615314BDB136AB57C90359F1839BDD5C93
                      SHA-256:73B017F7C5ECD629AD41D14147D53F7D3D070C5967E1E571811A6DB39F06EACC
                      SHA-512:0037EB23CCDBDDE93CFEB7B9A223D59D0872D4EC7F5E3CA4F7767A7301E96E1AF1175980DC4F08531D5571AFB94DF789567588DEB2D6D611C57EE4CC05376547
                      Malicious:false
                      Preview:{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":15}
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:modified
                      Size (bytes):8090
                      Entropy (8bit):5.810896495432612
                      Encrypted:false
                      SSDEEP:192:asNAPJeiRUVdUQjlkGL6qRAq1k8SPxVLZ7VTiq:asNAhW5j2GL6q3QxVNZTiq
                      MD5:4A2B6ED5D4052436A6DB482A72C82AA2
                      SHA1:4646E79DB11778B8452713F7D276E261A7BF9A18
                      SHA-256:63E9AAA5EB27F9E34B48FF5FA9E41345BC830195B19EA48C3E4EA57CAE241315
                      SHA-512:D4DF574605C13EFF7269A4A3838A6975F657F405CEADDD85996A5908E7DD510EE307F508F11951AE46183E23B52180F5DC2AC293C4A781FA0C5D07761A38AE59
                      Malicious:false
                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_mig
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):6820
                      Entropy (8bit):5.793014065293536
                      Encrypted:false
                      SSDEEP:96:iaqkHfngnl75ih/cI9URLl8RotoiWMFVvlwhLe4IbONIeTC6XQS0qGqk+Z4uj+rJ:akPVeiRUV6hN6qRAq1k8SPxVLZ7VTiq
                      MD5:0CC9CD5DA224965BE701FDF5F4AB68C8
                      SHA1:4692DAD1D3DCA5017D7C8DECA22523F7859C130F
                      SHA-256:521F52979B64A89B9E44239BDB813CB871ABB25C4E8362DD159EFA4B7C52A3A0
                      SHA-512:C334C7B4291DFBFB28D1C44664C21164413D7B84CB6A3AC8B343CEF7C5260BCEFCD15BBB21B96A7006BE82D0DE4170B051DFF79C6FF4D9875F3CEBBD9C1A7073
                      Malicious:false
                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADMAf3TwCT2SYQk2IpWsQysEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAABBuiD9II39cGcOiJaBnvTA1Lb2SkPB6KPG9SJkyx/SxQAAAAA
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):22924
                      Entropy (8bit):6.046318260516556
                      Encrypted:false
                      SSDEEP:384:KtMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwhSAlSuGTXVKl21RQ5m:uMGQ7FCYXGIgtDAWtJ4n10gSuGTX4D0
                      MD5:3B7A300B855CC97204DAAD303E701078
                      SHA1:1FA61D2EFD6BEC1AB249CD0F63F423FF530E2E17
                      SHA-256:6362089DA6EDD0EA7F188EF92446DA0FBCC6C5804D5A2AF393EA5279041B34BB
                      SHA-512:0D1DB493397D1AE0F370444CCB2FFE3566C4B1153585EF8FDF4031EE96AE82FE635B26BED5159877FB804A707430E8DCA187E302095E649FAF2E5346AE4E7094
                      Malicious:false
                      Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13369967873604143","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):8090
                      Entropy (8bit):5.810896495432612
                      Encrypted:false
                      SSDEEP:192:asNAPJeiRUVdUQjlkGL6qRAq1k8SPxVLZ7VTiq:asNAhW5j2GL6q3QxVNZTiq
                      MD5:4A2B6ED5D4052436A6DB482A72C82AA2
                      SHA1:4646E79DB11778B8452713F7D276E261A7BF9A18
                      SHA-256:63E9AAA5EB27F9E34B48FF5FA9E41345BC830195B19EA48C3E4EA57CAE241315
                      SHA-512:D4DF574605C13EFF7269A4A3838A6975F657F405CEADDD85996A5908E7DD510EE307F508F11951AE46183E23B52180F5DC2AC293C4A781FA0C5D07761A38AE59
                      Malicious:false
                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_mig
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):25052
                      Entropy (8bit):6.030982865873554
                      Encrypted:false
                      SSDEEP:768:uMGQ7FCYXGIgtDAWtJ4V10goO5ZAyMuGTX4D0:uMGQ5XMBG1YID0
                      MD5:8B300BAE5B7BFA7DDA9CB9F03A8FB978
                      SHA1:B40ACC3DB5EEFBE8F402DC09F4E4F8ED8892F5FB
                      SHA-256:838636224F23735E38D25AE796F5C42F4BC4BD6FB524277A1590A26D726B5809
                      SHA-512:03ECD7DA57430351FEECC5D054A973BA47D9E84BBCF79652EAADAFC2B3AF1BAED326D4E1448A4A04972DD595EB229EBD855B6C3C9F2D0D2D5050CE9B6DB73699
                      Malicious:false
                      Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13369967873604143","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):2278
                      Entropy (8bit):3.828833825508213
                      Encrypted:false
                      SSDEEP:48:uiTrlKxrgxexl9Il8uIWHG+f8rw06fyinUFkosE5zd1rc:mfYjm0pJUFQEm
                      MD5:4BC51B744B893919A038AA2CA3267946
                      SHA1:7BB1E9847AB5EE052544247BA4963B54735FE00C
                      SHA-256:BF8DACCDDD63E6C193339E19ED14FC401618930EC8EC8552DC94B430DB66867F
                      SHA-512:6594D0A81231DBA1588013BDF6541E229896B69CF2224BEE489FC39F893555730DA3DEF59AA2403FC70797A4FB5387E8756274A7139FF31ED84BA55721993925
                      Malicious:false
                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.N.h.v.p.S.7./.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.z.A.H.9.0.8.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4622
                      Entropy (8bit):3.999855978940223
                      Encrypted:false
                      SSDEEP:96:+YHLfhRAWGhWw+jeJQHif2/aI0M+WkxtheNJ9JqAl:+sfh/3w9aHieX0M+nixJqQ
                      MD5:6CB022558585EA4EF7C0E3753CD9F6E4
                      SHA1:04F6934B6CD5213852B0B07318C9A52079FFA5C7
                      SHA-256:07DDFDA5CE79DD8D118BFE8ED0710EBA3A8E964C5DCCD74D88D6F52897083302
                      SHA-512:5567367E58C04A77AC565D7639AEAA076F6862F35192C80EBEFA3F492682668343B597F660E05B5DA5212A19EB2905FFB7592D9413B103159D0943A9CE5FCEB1
                      Malicious:false
                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".M.Z.7.o.i.i.b./.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.z.A.H.9.0.8.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:Google Chrome extension, version 3
                      Category:dropped
                      Size (bytes):135751
                      Entropy (8bit):7.804610863392373
                      Encrypted:false
                      SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                      MD5:83EF25FBEE6866A64F09323BFE1536E0
                      SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                      SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                      SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 695310
                      Category:dropped
                      Size (bytes):530048
                      Entropy (8bit):7.998128581277609
                      Encrypted:true
                      SSDEEP:12288:Ufv7zfAegwBbeqMevgnEQLTluZBBd/VMf+xVmY6ZODxI8OlIc:UrvvBbUqxkT+BBL2+xVmYbD+8Op
                      MD5:FE8AE0850DEFE5B2250B7BDDE0EEE949
                      SHA1:F8A68AA9CC238FAF8C7D0546CBCD1A206CBE5FB6
                      SHA-256:D60BBEE44E4B40278EDC11EA4ED9D234B4AB559A43AE054721FD2326F9E92BCF
                      SHA-512:038DF0242ED2A882D88A24E14E4937A0A3CE37640AAA0F17EEF4C961BB119DE0BE599A549FB5C8D09DF4EF80BF35EF8605339180042D6A125D0D0788CA4C99B7
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                      Category:dropped
                      Size (bytes):206855
                      Entropy (8bit):7.983996634657522
                      Encrypted:false
                      SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                      MD5:788DF0376CE061534448AA17288FEA95
                      SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                      SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                      SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41902
                      Category:dropped
                      Size (bytes):76319
                      Entropy (8bit):7.996132588300074
                      Encrypted:true
                      SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iys3BBrYunau6w6DLZ8:GdS8scZNzFrMa4M+lK5/nEDd8
                      MD5:24439F0E82F6A60E541FB2697F02043F
                      SHA1:E3FAA84B0ED8CDD2268D53A0ECC6F3134D5EBD8F
                      SHA-256:B24DD5C374F8BB381A48605D183B6590245EE802C65F643632A3BE9BB1F313C5
                      SHA-512:8FD794657A9F80FDBC2350DC26A2C82DFD82266B934A4472B3319FDB870841C832137D4F5CE41D518859B8B1DA63031C6B7E750D301F87D6ECA45B958B147FCD
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:very short file (no magic)
                      Category:dropped
                      Size (bytes):1
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3:L:L
                      MD5:5058F1AF8388633F609CADB75A75DC9D
                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                      Malicious:false
                      Preview:.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:Google Chrome extension, version 3
                      Category:dropped
                      Size (bytes):11185
                      Entropy (8bit):7.951995436832936
                      Encrypted:false
                      SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                      MD5:78E47DDA17341BED7BE45DCCFD89AC87
                      SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                      SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                      SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):353
                      Entropy (8bit):5.359180477996448
                      Encrypted:false
                      SSDEEP:6:YEH4ihL56s/uH4NhsgWRXHJJQJjDrwv/uH45cvp56s/C:YA4s56s/u4NhIHJJ0Dkv/u4Cvp56s/C
                      MD5:5C1CCC07944A422343FE8331F328F02F
                      SHA1:4F018E7B328D317D00D9A77189E43C0B8FB1CD22
                      SHA-256:0A75596FF3E34F62E3C704CBC64C0C14BDD0FED5D67E82C2131039C6B3C9B0DE
                      SHA-512:D8D98E33FA9FDB3BED1B8E169D146FC795D4E0756821A557E6DF91A8E34F467434A32C3AE02F6998D85F3AA08E717CA751ECD21153B48AA1F9B9F78E5144E482
                      Malicious:false
                      Preview:{"logTime": "0904/235759", "correlationVector":"PkeIZsBADmRnNNFoBHQxCK","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "0904/235759", "correlationVector":"444272BB8A944BD2BFC283489B1053E2","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "0904/235759", "correlationVector":"nWefcn5wXhtkjHvrl3By++","action":"EXTENSION_UPDATER", "result":""}.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:very short file (no magic)
                      Category:dropped
                      Size (bytes):1
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3:L:L
                      MD5:5058F1AF8388633F609CADB75A75DC9D
                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                      Malicious:false
                      Preview:.
                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                      File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                      Category:dropped
                      Size (bytes):32768
                      Entropy (8bit):0.4593089050301797
                      Encrypted:false
                      SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                      MD5:D910AD167F0217587501FDCDB33CC544
                      SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                      SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                      SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                      Malicious:false
                      Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1753
                      Entropy (8bit):5.8889033066924155
                      Encrypted:false
                      SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                      MD5:738E757B92939B24CDBBD0EFC2601315
                      SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                      SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                      SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                      Malicious:false
                      Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "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",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                      Category:dropped
                      Size (bytes):9815
                      Entropy (8bit):6.1716321262973315
                      Encrypted:false
                      SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                      MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                      SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                      SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                      SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                      Malicious:false
                      Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                      Category:dropped
                      Size (bytes):10388
                      Entropy (8bit):6.174387413738973
                      Encrypted:false
                      SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                      MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                      SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                      SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                      SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                      Malicious:false
                      Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):962
                      Entropy (8bit):5.698567446030411
                      Encrypted:false
                      SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                      MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                      SHA1:2356F60884130C86A45D4B232A26062C7830E622
                      SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                      SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                      Malicious:false
                      Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:Google Chrome extension, version 3
                      Category:dropped
                      Size (bytes):11185
                      Entropy (8bit):7.951995436832936
                      Encrypted:false
                      SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                      MD5:78E47DDA17341BED7BE45DCCFD89AC87
                      SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                      SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                      SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:Google Chrome extension, version 3
                      Category:dropped
                      Size (bytes):135751
                      Entropy (8bit):7.804610863392373
                      Encrypted:false
                      SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                      MD5:83EF25FBEE6866A64F09323BFE1536E0
                      SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                      SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                      SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):4982
                      Entropy (8bit):7.929761711048726
                      Encrypted:false
                      SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                      MD5:913064ADAAA4C4FA2A9D011B66B33183
                      SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                      SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                      SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):908
                      Entropy (8bit):4.512512697156616
                      Encrypted:false
                      SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                      MD5:12403EBCCE3AE8287A9E823C0256D205
                      SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                      SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                      SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1285
                      Entropy (8bit):4.702209356847184
                      Encrypted:false
                      SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                      MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                      SHA1:58979859B28513608626B563138097DC19236F1F
                      SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                      SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1244
                      Entropy (8bit):4.5533961615623735
                      Encrypted:false
                      SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                      MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                      SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                      SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                      SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):977
                      Entropy (8bit):4.867640976960053
                      Encrypted:false
                      SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                      MD5:9A798FD298008074E59ECC253E2F2933
                      SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                      SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                      SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):3107
                      Entropy (8bit):3.535189746470889
                      Encrypted:false
                      SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                      MD5:68884DFDA320B85F9FC5244C2DD00568
                      SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                      SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                      SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                      Malicious:false
                      Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1389
                      Entropy (8bit):4.561317517930672
                      Encrypted:false
                      SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                      MD5:2E6423F38E148AC5A5A041B1D5989CC0
                      SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                      SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                      SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1763
                      Entropy (8bit):4.25392954144533
                      Encrypted:false
                      SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                      MD5:651375C6AF22E2BCD228347A45E3C2C9
                      SHA1:109AC3A912326171D77869854D7300385F6E628C
                      SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                      SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):930
                      Entropy (8bit):4.569672473374877
                      Encrypted:false
                      SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                      MD5:D177261FFE5F8AB4B3796D26835F8331
                      SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                      SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                      SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):913
                      Entropy (8bit):4.947221919047
                      Encrypted:false
                      SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                      MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                      SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                      SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                      SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):806
                      Entropy (8bit):4.815663786215102
                      Encrypted:false
                      SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                      MD5:A86407C6F20818972B80B9384ACFBBED
                      SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                      SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                      SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                      Malicious:false
                      Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):883
                      Entropy (8bit):4.5096240460083905
                      Encrypted:false
                      SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                      MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                      SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                      SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                      SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1031
                      Entropy (8bit):4.621865814402898
                      Encrypted:false
                      SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                      MD5:D116453277CC860D196887CEC6432FFE
                      SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                      SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                      SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1613
                      Entropy (8bit):4.618182455684241
                      Encrypted:false
                      SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                      MD5:9ABA4337C670C6349BA38FDDC27C2106
                      SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                      SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                      SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):851
                      Entropy (8bit):4.4858053753176526
                      Encrypted:false
                      SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                      MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                      SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                      SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                      SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):848
                      Entropy (8bit):4.494568170878587
                      Encrypted:false
                      SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                      MD5:3734D498FB377CF5E4E2508B8131C0FA
                      SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                      SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                      SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1425
                      Entropy (8bit):4.461560329690825
                      Encrypted:false
                      SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                      MD5:578215FBB8C12CB7E6CD73FBD16EC994
                      SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                      SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                      SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                      Malicious:false
                      Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):961
                      Entropy (8bit):4.537633413451255
                      Encrypted:false
                      SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                      MD5:F61916A206AC0E971CDCB63B29E580E3
                      SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                      SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                      SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):959
                      Entropy (8bit):4.570019855018913
                      Encrypted:false
                      SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                      MD5:535331F8FB98894877811B14994FEA9D
                      SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                      SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                      SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):968
                      Entropy (8bit):4.633956349931516
                      Encrypted:false
                      SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                      MD5:64204786E7A7C1ED9C241F1C59B81007
                      SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                      SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                      SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):838
                      Entropy (8bit):4.4975520913636595
                      Encrypted:false
                      SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                      MD5:29A1DA4ACB4C9D04F080BB101E204E93
                      SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                      SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                      SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                      Malicious:false
                      Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1305
                      Entropy (8bit):4.673517697192589
                      Encrypted:false
                      SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                      MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                      SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                      SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                      SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):911
                      Entropy (8bit):4.6294343834070935
                      Encrypted:false
                      SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                      MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                      SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                      SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                      SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):939
                      Entropy (8bit):4.451724169062555
                      Encrypted:false
                      SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                      MD5:FCEA43D62605860FFF41BE26BAD80169
                      SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                      SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                      SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):977
                      Entropy (8bit):4.622066056638277
                      Encrypted:false
                      SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                      MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                      SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                      SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                      SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):972
                      Entropy (8bit):4.621319511196614
                      Encrypted:false
                      SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                      MD5:6CAC04BDCC09034981B4AB567B00C296
                      SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                      SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                      SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):990
                      Entropy (8bit):4.497202347098541
                      Encrypted:false
                      SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                      MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                      SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                      SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                      SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1658
                      Entropy (8bit):4.294833932445159
                      Encrypted:false
                      SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                      MD5:BC7E1D09028B085B74CB4E04D8A90814
                      SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                      SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                      SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1672
                      Entropy (8bit):4.314484457325167
                      Encrypted:false
                      SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                      MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                      SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                      SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                      SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):935
                      Entropy (8bit):4.6369398601609735
                      Encrypted:false
                      SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                      MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                      SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                      SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                      SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1065
                      Entropy (8bit):4.816501737523951
                      Encrypted:false
                      SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                      MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                      SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                      SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                      SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2771
                      Entropy (8bit):3.7629875118570055
                      Encrypted:false
                      SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                      MD5:55DE859AD778E0AA9D950EF505B29DA9
                      SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                      SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                      SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):858
                      Entropy (8bit):4.474411340525479
                      Encrypted:false
                      SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                      MD5:34D6EE258AF9429465AE6A078C2FB1F5
                      SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                      SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                      SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):954
                      Entropy (8bit):4.631887382471946
                      Encrypted:false
                      SSDEEP:12:YGXU2rOcxGe+J97f9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95MwP9KkJ+je:YwBrD2J2DBLMfFuWvdpY94vioO+uh
                      MD5:1F565FB1C549B18AF8BBFED8DECD5D94
                      SHA1:B57F4BDAE06FF3DFC1EB3E56B6F2F204D6F63638
                      SHA-256:E16325D1A641EF7421F2BAFCD6433D53543C89D498DD96419B03CBA60B9C7D60
                      SHA-512:A60B8E042A9BCDCC136B87948E9924A0B24D67C6CA9803904B876F162A0AD82B9619F1316BE9FF107DD143B44F7E6F5DF604ABFE00818DEB40A7D62917CDA69F
                      Malicious:false
                      Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):899
                      Entropy (8bit):4.474743599345443
                      Encrypted:false
                      SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                      MD5:0D82B734EF045D5FE7AA680B6A12E711
                      SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                      SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                      SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2230
                      Entropy (8bit):3.8239097369647634
                      Encrypted:false
                      SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                      MD5:26B1533C0852EE4661EC1A27BD87D6BF
                      SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                      SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                      SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1160
                      Entropy (8bit):5.292894989863142
                      Encrypted:false
                      SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                      MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                      SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                      SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                      SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):3264
                      Entropy (8bit):3.586016059431306
                      Encrypted:false
                      SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                      MD5:83F81D30913DC4344573D7A58BD20D85
                      SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                      SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                      SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):3235
                      Entropy (8bit):3.6081439490236464
                      Encrypted:false
                      SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                      MD5:2D94A58795F7B1E6E43C9656A147AD3C
                      SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                      SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                      SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):3122
                      Entropy (8bit):3.891443295908904
                      Encrypted:false
                      SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                      MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                      SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                      SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                      SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1880
                      Entropy (8bit):4.295185867329351
                      Encrypted:false
                      SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/UGG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZZ
                      MD5:8E16966E815C3C274EEB8492B1EA6648
                      SHA1:7482ED9F1C9FD9F6F9BA91AB15921B19F64C9687
                      SHA-256:418FF53FCA505D54268413C796E4DF80E947A09F399AB222A90B81E93113D5B5
                      SHA-512:85B28202E874B1CF45B37BA05B87B3D8D6FE38E89C6011C4240CF6B563EA6DA60181D712CCE20D07C364F4A266A4EC90C4934CC8B7BB2013CB3B22D755796E38
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1042
                      Entropy (8bit):5.3945675025513955
                      Encrypted:false
                      SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                      MD5:F3E59EEEB007144EA26306C20E04C292
                      SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                      SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                      SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2535
                      Entropy (8bit):3.8479764584971368
                      Encrypted:false
                      SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                      MD5:E20D6C27840B406555E2F5091B118FC5
                      SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                      SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                      SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1028
                      Entropy (8bit):4.797571191712988
                      Encrypted:false
                      SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                      MD5:970544AB4622701FFDF66DC556847652
                      SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                      SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                      SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):994
                      Entropy (8bit):4.700308832360794
                      Encrypted:false
                      SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                      MD5:A568A58817375590007D1B8ABCAEBF82
                      SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                      SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                      SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2091
                      Entropy (8bit):4.358252286391144
                      Encrypted:false
                      SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                      MD5:4717EFE4651F94EFF6ACB6653E868D1A
                      SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                      SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                      SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2778
                      Entropy (8bit):3.595196082412897
                      Encrypted:false
                      SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                      MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                      SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                      SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                      SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1719
                      Entropy (8bit):4.287702203591075
                      Encrypted:false
                      SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                      MD5:3B98C4ED8874A160C3789FEAD5553CFA
                      SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                      SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                      SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):936
                      Entropy (8bit):4.457879437756106
                      Encrypted:false
                      SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                      MD5:7D273824B1E22426C033FF5D8D7162B7
                      SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                      SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                      SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):3830
                      Entropy (8bit):3.5483353063347587
                      Encrypted:false
                      SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                      MD5:342335A22F1886B8BC92008597326B24
                      SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                      SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                      SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1898
                      Entropy (8bit):4.187050294267571
                      Encrypted:false
                      SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                      MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                      SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                      SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                      SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):914
                      Entropy (8bit):4.513485418448461
                      Encrypted:false
                      SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                      MD5:32DF72F14BE59A9BC9777113A8B21DE6
                      SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                      SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                      SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):878
                      Entropy (8bit):4.4541485835627475
                      Encrypted:false
                      SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                      MD5:A1744B0F53CCF889955B95108367F9C8
                      SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                      SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                      SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2766
                      Entropy (8bit):3.839730779948262
                      Encrypted:false
                      SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                      MD5:97F769F51B83D35C260D1F8CFD7990AF
                      SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                      SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                      SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):978
                      Entropy (8bit):4.879137540019932
                      Encrypted:false
                      SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                      MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                      SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                      SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                      SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):907
                      Entropy (8bit):4.599411354657937
                      Encrypted:false
                      SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                      MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                      SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                      SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                      SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):914
                      Entropy (8bit):4.604761241355716
                      Encrypted:false
                      SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                      MD5:0963F2F3641A62A78B02825F6FA3941C
                      SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                      SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                      SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):937
                      Entropy (8bit):4.686555713975264
                      Encrypted:false
                      SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                      MD5:BED8332AB788098D276B448EC2B33351
                      SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                      SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                      SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1337
                      Entropy (8bit):4.69531415794894
                      Encrypted:false
                      SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                      MD5:51D34FE303D0C90EE409A2397FCA437D
                      SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                      SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                      SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2846
                      Entropy (8bit):3.7416822879702547
                      Encrypted:false
                      SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                      MD5:B8A4FD612534A171A9A03C1984BB4BDD
                      SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                      SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                      SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):934
                      Entropy (8bit):4.882122893545996
                      Encrypted:false
                      SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                      MD5:8E55817BF7A87052F11FE554A61C52D5
                      SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                      SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                      SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):963
                      Entropy (8bit):4.6041913416245
                      Encrypted:false
                      SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                      MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                      SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                      SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                      SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1320
                      Entropy (8bit):4.569671329405572
                      Encrypted:false
                      SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                      MD5:7F5F8933D2D078618496C67526A2B066
                      SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                      SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                      SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):884
                      Entropy (8bit):4.627108704340797
                      Encrypted:false
                      SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                      MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                      SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                      SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                      SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):980
                      Entropy (8bit):4.50673686618174
                      Encrypted:false
                      SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                      MD5:D0579209686889E079D87C23817EDDD5
                      SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                      SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                      SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1941
                      Entropy (8bit):4.132139619026436
                      Encrypted:false
                      SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                      MD5:DCC0D1725AEAEAAF1690EF8053529601
                      SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                      SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                      SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1969
                      Entropy (8bit):4.327258153043599
                      Encrypted:false
                      SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                      MD5:385E65EF723F1C4018EEE6E4E56BC03F
                      SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                      SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                      SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1674
                      Entropy (8bit):4.343724179386811
                      Encrypted:false
                      SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                      MD5:64077E3D186E585A8BEA86FF415AA19D
                      SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                      SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                      SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1063
                      Entropy (8bit):4.853399816115876
                      Encrypted:false
                      SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                      MD5:76B59AAACC7B469792694CF3855D3F4C
                      SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                      SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                      SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1333
                      Entropy (8bit):4.686760246306605
                      Encrypted:false
                      SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                      MD5:970963C25C2CEF16BB6F60952E103105
                      SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                      SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                      SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1263
                      Entropy (8bit):4.861856182762435
                      Encrypted:false
                      SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                      MD5:8B4DF6A9281333341C939C244DDB7648
                      SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                      SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                      SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1074
                      Entropy (8bit):5.062722522759407
                      Encrypted:false
                      SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                      MD5:773A3B9E708D052D6CBAA6D55C8A5438
                      SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                      SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                      SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):879
                      Entropy (8bit):5.7905809868505544
                      Encrypted:false
                      SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                      MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                      SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                      SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                      SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1205
                      Entropy (8bit):4.50367724745418
                      Encrypted:false
                      SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                      MD5:524E1B2A370D0E71342D05DDE3D3E774
                      SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                      SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                      SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                      Malicious:false
                      Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):843
                      Entropy (8bit):5.76581227215314
                      Encrypted:false
                      SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                      MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                      SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                      SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                      SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                      Malicious:false
                      Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):912
                      Entropy (8bit):4.65963951143349
                      Encrypted:false
                      SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                      MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                      SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                      SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                      SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                      Malicious:false
                      Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):11280
                      Entropy (8bit):5.754230909218899
                      Encrypted:false
                      SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsN9Jtwg1MK8HNnswuHEIIMuuqd7CKqv+pccW5SJ+:m8IGIEu8RfW+
                      MD5:BE5DB35513DDEF454CE3502B6418B9B4
                      SHA1:C82B23A82F745705AA6BCBBEFEB6CE3DBCC71CB1
                      SHA-256:C6F623BE1112C2FDE6BE8941848A82B2292FCD2B475FBD363CC2FD4DF25049B5
                      SHA-512:38C48E67631FAF0594D44525423C6EDC08F5A65F04288F0569B7CF8C71C359924069212462B0A2BFA38356F93708143EE1CBD42295D7317E8670D0A0CD10BAFD
                      Malicious:false
                      Preview:[{"description":"treehash per file","signed_content":{"payload":"
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):854
                      Entropy (8bit):4.284628987131403
                      Encrypted:false
                      SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                      MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                      SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                      SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                      SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                      Malicious:false
                      Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2525
                      Entropy (8bit):5.417689528134667
                      Encrypted:false
                      SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1e9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APegiVb
                      MD5:10FF8E5B674311683D27CE1879384954
                      SHA1:9C269C14E067BB86642EB9F4816D75CF1B9B9158
                      SHA-256:17363162A321625358255EE939F447E9363FF2284BD35AE15470FD5318132CA9
                      SHA-512:4D3EB89D398A595FEA8B59AC6269A57CC96C4A0E5A5DB8C5FE70AB762E8144A5DF9AFC8756CA2E798E50778CD817CC9B0826FC2942DE31397E858DBFA1B06830
                      Malicious:false
                      Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:HTML document, ASCII text
                      Category:dropped
                      Size (bytes):97
                      Entropy (8bit):4.862433271815736
                      Encrypted:false
                      SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                      MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                      SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                      SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                      SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                      Malicious:false
                      Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text, with very long lines (4369)
                      Category:dropped
                      Size (bytes):95567
                      Entropy (8bit):5.4016395763198135
                      Encrypted:false
                      SSDEEP:1536:Ftd/mjDC/Hass/jCKLwPOPO2MCeYHxU2/NjAGHChg3JOzZ8:YfjCKdHm2/NbHCIJo8
                      MD5:09AF2D8CFA8BF1078101DA78D09C4174
                      SHA1:F2369551E2CDD86258062BEB0729EE4D93FCA050
                      SHA-256:39D113C44D45AE3609B9509ED099680CC5FCEF182FD9745B303A76E164D8BCEC
                      SHA-512:F791434B053FA2A5B731C60F22A4579F19FE741134EF0146E8BAC7DECAC78DE65915B3188093DBBE00F389A7F15B80172053FABB64E636DD4A945DBE3C2CF2E6
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):291
                      Entropy (8bit):4.65176400421739
                      Encrypted:false
                      SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                      MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                      SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                      SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                      SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                      Malicious:false
                      Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      File Type:ASCII text, with very long lines (4369)
                      Category:dropped
                      Size (bytes):103988
                      Entropy (8bit):5.389407461078688
                      Encrypted:false
                      SSDEEP:1536:oXWJmOMsz9UqqRtjWLqj74SJf2VsxJ5BGOzr61SfwKmWGMJOaAFlObQ/x0BGm:yRqr6v3JnVzr6wwfMtkFSYm
                      MD5:EA946F110850F17E637B15CF22B82837
                      SHA1:8D27C963E76E3D2F5B8634EE66706F95F000FCAF
                      SHA-256:029DFE87536E8907A612900B26EEAA72C63EDF28458A7227B295AE6D4E2BD94C
                      SHA-512:5E8E61E648740FEF2E89A035A4349B2E4E5E4E88150EE1BDA9D4AD8D75827DC67C1C95A2CA41DF5B89DE8F575714E1A4D23BDE2DC3CF21D55DB3A39907B8F820
                      Malicious:false
                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                      Category:dropped
                      Size (bytes):453023
                      Entropy (8bit):7.997718157581587
                      Encrypted:true
                      SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                      MD5:85430BAED3398695717B0263807CF97C
                      SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                      SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                      SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                      Malicious:false
                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):24
                      Entropy (8bit):3.91829583405449
                      Encrypted:false
                      SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                      MD5:3088F0272D29FAA42ED452C5E8120B08
                      SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                      SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                      SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                      Malicious:false
                      Preview:{"schema":6,"addons":[]}
                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):24
                      Entropy (8bit):3.91829583405449
                      Encrypted:false
                      SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                      MD5:3088F0272D29FAA42ED452C5E8120B08
                      SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                      SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                      SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                      Malicious:false
                      Preview:{"schema":6,"addons":[]}
                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                      File Type:Mozilla lz4 compressed data, originally 56 bytes
                      Category:dropped
                      Size (bytes):66
                      Entropy (8bit):4.837595020998689
                      Encrypted:false
                      SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                      MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                      SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                      SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                      SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                      Malicious:false
                      Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                      File Type:Mozilla lz4 compressed data, originally 56 bytes
                      Category:dropped
                      Size (bytes):66
                      Entropy (8bit):4.837595020998689
                      Encrypted:false
                      SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                      MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                      SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                      SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                      SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                      Malicious:false
                      Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):36830
                      Entropy (8bit):5.185924656884556
                      Encrypted:false
                      SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
                      MD5:5656BA69BD2966108A461AAE35F60226
                      SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
                      SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
                      SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
                      Malicious:false
                      Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):1021904
                      Entropy (8bit):6.648417932394748
                      Encrypted:false
                      SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                      MD5:FE3355639648C417E8307C6D051E3E37
                      SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                      SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                      SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Joe Sandbox View:
                      • Filename: file.exe, Detection: malicious, Browse
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):116
                      Entropy (8bit):4.968220104601006
                      Encrypted:false
                      SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                      MD5:3D33CDC0B3D281E67DD52E14435DD04F
                      SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                      SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                      SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                      Malicious:false
                      Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                      File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                      Category:modified
                      Size (bytes):11291
                      Entropy (8bit):5.530198249298615
                      Encrypted:false
                      SSDEEP:192:vqnaRtZYbBp6ihj4qyaaXy6K7sfGNBw8rYSl:legqO0scwp0
                      MD5:1CDFEB46949FA9471AA69B2EFAA03FBB
                      SHA1:9E1E58DF102634A8106CFC5561E985D79989FD93
                      SHA-256:B70F4DD8D065E3060E7FE0C6C10EB9568970D9077A03AC68BF0853116489A931
                      SHA-512:67E83DF020D86849728B430BC3AFA691441188C49E3A75B6F27A15B4EB8F21AF2B06DA6FD6B62D3DCBB465B3B0C27E663F9B4F5C8E6FF7B98FBB84A0037D8D99
                      Malicious:false
                      Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 1);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1725500025);..user_pref("app.update.lastUpdateTime.background-update-timer", 1725500025);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..u
                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                      File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                      Category:dropped
                      Size (bytes):11291
                      Entropy (8bit):5.530198249298615
                      Encrypted:false
                      SSDEEP:192:vqnaRtZYbBp6ihj4qyaaXy6K7sfGNBw8rYSl:legqO0scwp0
                      MD5:1CDFEB46949FA9471AA69B2EFAA03FBB
                      SHA1:9E1E58DF102634A8106CFC5561E985D79989FD93
                      SHA-256:B70F4DD8D065E3060E7FE0C6C10EB9568970D9077A03AC68BF0853116489A931
                      SHA-512:67E83DF020D86849728B430BC3AFA691441188C49E3A75B6F27A15B4EB8F21AF2B06DA6FD6B62D3DCBB465B3B0C27E663F9B4F5C8E6FF7B98FBB84A0037D8D99
                      Malicious:false
                      Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 1);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1725500025);..user_pref("app.update.lastUpdateTime.background-update-timer", 1725500025);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..u
                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):53
                      Entropy (8bit):4.136624295551173
                      Encrypted:false
                      SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AY:Y9KQOy6Lb1BA+9
                      MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
                      SHA1:B43BC4B3EA206A02EF8F63D5BFAD0C96BF2A3B2A
                      SHA-256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
                      SHA-512:076EE83534F42563046D25086166F82E1A3EC61840C113AEC67ABE2D8195DAA247D827D0C54E7E8F8A1BBF2D082A3763577587E84342EC160FF97905243E6D19
                      Malicious:false
                      Preview:{"profile-after-change":true,"final-ui-startup":true}
                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                      File Type:Mozilla lz4 compressed data, originally 301 bytes
                      Category:dropped
                      Size (bytes):275
                      Entropy (8bit):5.502273022573894
                      Encrypted:false
                      SSDEEP:6:vXDvz2SzHs/udk+eDAWrZCMNRoGO/QqCRwbffnK3S0wQGbktVvcoKJNzdDdCQ:vLz2S+EWDDoWqC+bfPK38QGbkvcoKRd9
                      MD5:97219B435CABA3950CC0DE1F71A74062
                      SHA1:9FE982F4C3B11B7E02CE58CB885F477A4038C936
                      SHA-256:1B2340B94A45984AE0A53A7A04474163A89846A30731A95ACCF1284E9C588917
                      SHA-512:D755ED234A4673594A94CB93035584F6E9002EC84397EB0A7BC1E5D0AD8DA4364F81E77FB3FED0CA697581D9D1E4FFAAAEF641CF72841AEBB942F064E4ADFBFB
                      Malicious:false
                      Preview:mozLz40.-.....{"version":["ses....restore",1],"windows":[{"tab....],"selected":0,"_closedT..d_lastC...&GroupCount":-1,"busy":false,"chromeFlags":2167541758}d..W..5":1j..........@":{"w...Update":1725500013706,"startTim...'499994134,"recentCrashes":0},"global":{},"cookies":[]}
                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                      Entropy (8bit):6.579625516224098
                      TrID:
                      • Win32 Executable (generic) a (10002005/4) 99.96%
                      • Generic Win/DOS Executable (2004/3) 0.02%
                      • DOS Executable Generic (2002/1) 0.02%
                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                      File name:file.exe
                      File size:917'504 bytes
                      MD5:defd39769340947b16036d0ce301eacd
                      SHA1:4d4e3d6e99f2598237cc0560b0b7666e7d16ad43
                      SHA256:fc45559d6a3f6dda0bf13bccfcd0a287a1a51463d182f8318eb3e93a0f3a25fc
                      SHA512:a6d38bc9db6b2745c944f2867683a58b1488dd9741ffe0ebbf0f5bc5a30879e25bc2ca09348157fff5b27eba2f61794049efef952774cd7ca40516a596235841
                      SSDEEP:12288:7qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgarTV:7qDEvCTbMWu7rQYlBQcBiT6rprG8avV
                      TLSH:98159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                      File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                      Icon Hash:aaf3e3e3938382a0
                      Entrypoint:0x420577
                      Entrypoint Section:.text
                      Digitally signed:false
                      Imagebase:0x400000
                      Subsystem:windows gui
                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                      DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                      Time Stamp:0x66D8F2DF [Wed Sep 4 23:53:03 2024 UTC]
                      TLS Callbacks:
                      CLR (.Net) Version:
                      OS Version Major:5
                      OS Version Minor:1
                      File Version Major:5
                      File Version Minor:1
                      Subsystem Version Major:5
                      Subsystem Version Minor:1
                      Import Hash:948cc502fe9226992dce9417f952fce3
                      Instruction
                      call 00007F99A1114933h
                      jmp 00007F99A111423Fh
                      push ebp
                      mov ebp, esp
                      push esi
                      push dword ptr [ebp+08h]
                      mov esi, ecx
                      call 00007F99A111441Dh
                      mov dword ptr [esi], 0049FDF0h
                      mov eax, esi
                      pop esi
                      pop ebp
                      retn 0004h
                      and dword ptr [ecx+04h], 00000000h
                      mov eax, ecx
                      and dword ptr [ecx+08h], 00000000h
                      mov dword ptr [ecx+04h], 0049FDF8h
                      mov dword ptr [ecx], 0049FDF0h
                      ret
                      push ebp
                      mov ebp, esp
                      push esi
                      push dword ptr [ebp+08h]
                      mov esi, ecx
                      call 00007F99A11143EAh
                      mov dword ptr [esi], 0049FE0Ch
                      mov eax, esi
                      pop esi
                      pop ebp
                      retn 0004h
                      and dword ptr [ecx+04h], 00000000h
                      mov eax, ecx
                      and dword ptr [ecx+08h], 00000000h
                      mov dword ptr [ecx+04h], 0049FE14h
                      mov dword ptr [ecx], 0049FE0Ch
                      ret
                      push ebp
                      mov ebp, esp
                      push esi
                      mov esi, ecx
                      lea eax, dword ptr [esi+04h]
                      mov dword ptr [esi], 0049FDD0h
                      and dword ptr [eax], 00000000h
                      and dword ptr [eax+04h], 00000000h
                      push eax
                      mov eax, dword ptr [ebp+08h]
                      add eax, 04h
                      push eax
                      call 00007F99A1116FDDh
                      pop ecx
                      pop ecx
                      mov eax, esi
                      pop esi
                      pop ebp
                      retn 0004h
                      lea eax, dword ptr [ecx+04h]
                      mov dword ptr [ecx], 0049FDD0h
                      push eax
                      call 00007F99A1117028h
                      pop ecx
                      ret
                      push ebp
                      mov ebp, esp
                      push esi
                      mov esi, ecx
                      lea eax, dword ptr [esi+04h]
                      mov dword ptr [esi], 0049FDD0h
                      push eax
                      call 00007F99A1117011h
                      test byte ptr [ebp+08h], 00000001h
                      pop ecx
                      Programming Language:
                      • [ C ] VS2008 SP1 build 30729
                      • [IMP] VS2008 SP1 build 30729
                      Name | Virtual Address | Virtual Size | Is in Section
                      IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
                      IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x9500 | .rsrc
                      IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x7594 | .reloc
                      IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                      Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                      .text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      .rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                      .data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                      .rsrc | 0xd4000 | 0x9500 | 0x9600 | 6aa40a605eb3d68bc396c574a2c51ec1 | False | 0.28109375 | data | 5.161428057831351 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                      .reloc | 0xde000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                      Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                      RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
                      RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
                      RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
                      RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
                      RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
                      RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
                      RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
                      RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
                      RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
                      RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
                      RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
                      RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
                      RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
                      RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
                      RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
                      RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
                      RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
                      RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
                      RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
                      RT_RCDATA | 0xdc7b8 | 0x7c6 | data | | | 1.0055276381909548
                      RT_GROUP_ICON | 0xdcf80 | 0x76 | data | English | Great Britain | 0.6610169491525424
                      RT_GROUP_ICON | 0xdcff8 | 0x14 | data | English | Great Britain | 1.25
                      RT_GROUP_ICON | 0xdd00c | 0x14 | data | English | Great Britain | 1.15
                      RT_GROUP_ICON | 0xdd020 | 0x14 | data | English | Great Britain | 1.25
                      RT_VERSION | 0xdd034 | 0xdc | data | English | Great Britain | 0.6181818181818182
                      RT_MANIFEST | 0xdd110 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
                      DLL | Import
                      WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
                      VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
                      WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
                      COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
                      MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
                      WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
                      PSAPI.DLL | GetProcessMemoryInfo
                      IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
                      USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
                      UxTheme.dll | IsThemeActive
                      KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
                      USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
                      GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
                      COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
                      ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
                      SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
                      ole32.dllCoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
                      OLEAUT32.dllCreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
                      Language of compilation system: English
                      Country where language is spoken: Great Britain
                      Timestamp    Source Port    Dest Port    Source IP    Dest IP
                      Sep 5, 2024 01:58:01.108505011 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.146941900 CEST4434977013.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.146976948 CEST4434977013.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.147008896 CEST4434977013.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.156995058 CEST49770443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.198074102 CEST44349768184.28.90.27192.168.2.4
                      Sep 5, 2024 01:58:01.198144913 CEST44349768184.28.90.27192.168.2.4
                      Sep 5, 2024 01:58:01.208954096 CEST49768443192.168.2.4184.28.90.27
                      Sep 5, 2024 01:58:01.209511995 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.209530115 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.220489025 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.223867893 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.223880053 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.238802910 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.296262980 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.296273947 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.296313047 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.296324968 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.296339989 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.296346903 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.297612906 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.297621965 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.297643900 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.297652006 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.297660112 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.297672987 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.298809052 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.304958105 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.304965973 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.319740057 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.386030912 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.386042118 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.386073112 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.387247086 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.387273073 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.387280941 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.388202906 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.388241053 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.388251066 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.388284922 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.389162064 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.389179945 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.389202118 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.391803980 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.391813993 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.406771898 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.421777010 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.423353910 CEST804977134.107.221.82192.168.2.4
                      Sep 5, 2024 01:58:01.433265924 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.437160015 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.452260017 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.472635984 CEST6145253192.168.2.41.1.1.1
                      Sep 5, 2024 01:58:01.476711988 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.476728916 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.477420092 CEST53614521.1.1.1192.168.2.4
                      Sep 5, 2024 01:58:01.477504015 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.477535963 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.478040934 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.478055000 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.478852987 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.478869915 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.479764938 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.479801893 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.480494976 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.480525970 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.481417894 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.481431961 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.487857103 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.487864971 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.488377094 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.488377094 CEST6145253192.168.2.41.1.1.1
                      Sep 5, 2024 01:58:01.488377094 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.492441893 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.507102013 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.510226965 CEST6145253192.168.2.41.1.1.1
                      Sep 5, 2024 01:58:01.510772943 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.510828972 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.510863066 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.510902882 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.510941029 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.515160084 CEST53614521.1.1.1192.168.2.4
                      Sep 5, 2024 01:58:01.517004013 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.517090082 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.517225027 CEST49770443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.517232895 CEST4434977013.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.532928944 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.532946110 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.537587881 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.537595987 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.540463924 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.540550947 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.541344881 CEST6145380192.168.2.434.107.221.82
                      Sep 5, 2024 01:58:01.546148062 CEST806145334.107.221.82192.168.2.4
                      Sep 5, 2024 01:58:01.546802044 CEST6145380192.168.2.434.107.221.82
                      Sep 5, 2024 01:58:01.546951056 CEST6145380192.168.2.434.107.221.82
                      Sep 5, 2024 01:58:01.551790953 CEST806145334.107.221.82192.168.2.4
                      Sep 5, 2024 01:58:01.567361116 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.567375898 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.567542076 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.567548990 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.568245888 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.568272114 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.568952084 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.568964958 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.569600105 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.569631100 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.569675922 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.582509041 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.589565039 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.589623928 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.589660883 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.598836899 CEST49768443192.168.2.4184.28.90.27
                      Sep 5, 2024 01:58:01.598860025 CEST44349768184.28.90.27192.168.2.4
                      Sep 5, 2024 01:58:01.598874092 CEST49768443192.168.2.4184.28.90.27
                      Sep 5, 2024 01:58:01.598879099 CEST44349768184.28.90.27192.168.2.4
                      Sep 5, 2024 01:58:01.606421947 CEST49769443192.168.2.413.107.246.60
                      Sep 5, 2024 01:58:01.606429100 CEST4434976913.107.246.60192.168.2.4
                      Sep 5, 2024 01:58:01.635298014 CEST804977134.107.221.82192.168.2.4
                      Sep 5, 2024 01:58:01.643567085 CEST4977180192.168.2.434.107.221.82
                      Sep 5, 2024 01:58:01.937714100 CEST53614521.1.1.1192.168.2.4
                      Sep 5, 2024 01:58:01.939409971 CEST6145253192.168.2.41.1.1.1
                      Sep 5, 2024 01:58:01.944648027 CEST53614521.1.1.1192.168.2.4
                      Sep 5, 2024 01:58:01.946743011 CEST6145253192.168.2.41.1.1.1
                      Sep 5, 2024 01:58:01.950604916 CEST61454443192.168.2.4152.195.19.97
                      Sep 5, 2024 01:58:01.950639963 CEST44361454152.195.19.97192.168.2.4
                      Sep 5, 2024 01:58:01.951992035 CEST61454443192.168.2.4152.195.19.97
                      Sep 5, 2024 01:58:01.952289104 CEST61454443192.168.2.4152.195.19.97
                      Sep 5, 2024 01:58:01.952301979 CEST44361454152.195.19.97192.168.2.4
                      Sep 5, 2024 01:58:01.994261980 CEST806145334.107.221.82192.168.2.4
                      Sep 5, 2024 01:58:02.067589998 CEST61455443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:02.067640066 CEST44361455172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:02.067759037 CEST61456443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:02.067784071 CEST44361456172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:02.068902969 CEST61455443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:02.069019079 CEST61456443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:02.069207907 CEST61456443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:02.069225073 CEST44361456172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:02.069320917 CEST61455443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:02.069335938 CEST44361455172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:02.113636017 CEST61457443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:02.113667965 CEST44361457172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:02.113818884 CEST61458443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:02.113826990 CEST44361458172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:02.115042925 CEST61457443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:02.115080118 CEST61458443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:02.115284920 CEST61458443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:02.115291119 CEST44361458172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:02.115385056 CEST61457443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:02.115392923 CEST44361457172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:02.203356981 CEST806145334.107.221.82192.168.2.4
                      Sep 5, 2024 01:58:02.203810930 CEST6145380192.168.2.434.107.221.82
                      Sep 5, 2024 01:58:02.306677103 CEST61459443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:02.306699991 CEST4436145913.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:02.307802916 CEST61460443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:02.307830095 CEST4436146013.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:02.308022976 CEST61461443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:02.308029890 CEST4436146113.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:02.308146954 CEST61462443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:02.308152914 CEST4436146213.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:02.308248043 CEST61463443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:02.308255911 CEST4436146313.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:02.308371067 CEST61464443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:02.308377981 CEST4436146413.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:02.309721947 CEST61459443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:02.309721947 CEST61461443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:02.309721947 CEST61462443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:02.309731960 CEST61460443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:02.309834957 CEST61464443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:02.309834957 CEST61463443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:02.340620995 CEST61464443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:02.340646982 CEST4436146413.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:02.340744019 CEST61463443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:02.340754986 CEST4436146313.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:02.340862036 CEST61462443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:02.340878010 CEST4436146213.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:02.340967894 CEST61461443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:02.340979099 CEST4436146113.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:02.341059923 CEST61460443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:02.341073036 CEST4436146013.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:02.341150999 CEST61459443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:02.341162920 CEST4436145913.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:02.504754066 CEST44361454152.195.19.97192.168.2.4
                      Sep 5, 2024 01:58:02.517421007 CEST61454443192.168.2.4152.195.19.97
                      Sep 5, 2024 01:58:02.517457962 CEST44361454152.195.19.97192.168.2.4
                      Sep 5, 2024 01:58:02.518452883 CEST44361454152.195.19.97192.168.2.4
                      Sep 5, 2024 01:58:02.522253990 CEST44361455172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:02.532124043 CEST44361456172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:02.532501936 CEST44361454152.195.19.97192.168.2.4
                      Sep 5, 2024 01:58:02.532672882 CEST61454443192.168.2.4152.195.19.97
                      Sep 5, 2024 01:58:02.533853054 CEST61455443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:02.533873081 CEST44361455172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:02.534244061 CEST44361455172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:02.534909010 CEST61465443192.168.2.4142.251.40.206
                      Sep 5, 2024 01:58:02.534934044 CEST44361465142.251.40.206192.168.2.4
                      Sep 5, 2024 01:58:02.535027027 CEST61466443192.168.2.4142.251.40.206
                      Sep 5, 2024 01:58:02.535032988 CEST44361466142.251.40.206192.168.2.4
                      Sep 5, 2024 01:58:02.535193920 CEST61454443192.168.2.4152.195.19.97
                      Sep 5, 2024 01:58:02.535283089 CEST44361454152.195.19.97192.168.2.4
                      Sep 5, 2024 01:58:02.535348892 CEST61454443192.168.2.4152.195.19.97
                      Sep 5, 2024 01:58:02.544641972 CEST61454443192.168.2.4152.195.19.97
                      Sep 5, 2024 01:58:02.544799089 CEST61465443192.168.2.4142.251.40.206
                      Sep 5, 2024 01:58:02.544799089 CEST61466443192.168.2.4142.251.40.206
                      Sep 5, 2024 01:58:02.545021057 CEST61466443192.168.2.4142.251.40.206
                      Sep 5, 2024 01:58:02.545036077 CEST44361466142.251.40.206192.168.2.4
                      Sep 5, 2024 01:58:02.545145035 CEST61465443192.168.2.4142.251.40.206
                      Sep 5, 2024 01:58:02.545154095 CEST44361465142.251.40.206192.168.2.4
                      Sep 5, 2024 01:58:02.545392990 CEST61455443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:02.545478106 CEST44361455172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:02.545604944 CEST61456443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:02.545612097 CEST44361456172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:02.545985937 CEST44361456172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:02.546919107 CEST61456443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:02.546977997 CEST44361456172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:02.580512047 CEST44361454152.195.19.97192.168.2.4
                      Sep 5, 2024 01:58:02.587224960 CEST44361458172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:02.594419003 CEST61458443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:02.594440937 CEST44361458172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:02.595427036 CEST44361458172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:02.598145008 CEST44361457172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:02.598783970 CEST61458443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:02.599800110 CEST61457443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:02.599807024 CEST44361457172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:02.600054979 CEST61458443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:02.600119114 CEST44361458172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:02.600788116 CEST44361457172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:02.600980997 CEST61457443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:02.601281881 CEST61457443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:02.601336002 CEST44361457172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:02.633976936 CEST44361454152.195.19.97192.168.2.4
                      Sep 5, 2024 01:58:02.633986950 CEST44361454152.195.19.97192.168.2.4
                      Sep 5, 2024 01:58:02.634032011 CEST44361454152.195.19.97192.168.2.4
                      Sep 5, 2024 01:58:02.634067059 CEST61454443192.168.2.4152.195.19.97
                      Sep 5, 2024 01:58:02.634114027 CEST61454443192.168.2.4152.195.19.97
                      Sep 5, 2024 01:58:02.634733915 CEST61454443192.168.2.4152.195.19.97
                      Sep 5, 2024 01:58:02.634748936 CEST44361454152.195.19.97192.168.2.4
                      Sep 5, 2024 01:58:02.644179106 CEST61456443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:02.644185066 CEST61455443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:02.704689980 CEST61458443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:02.704708099 CEST44361458172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:02.704735994 CEST61457443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:02.704741001 CEST44361457172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:02.874805927 CEST61467443192.168.2.4142.250.81.228
                      Sep 5, 2024 01:58:02.874829054 CEST44361467142.250.81.228192.168.2.4
                      Sep 5, 2024 01:58:02.874914885 CEST61467443192.168.2.4142.250.81.228
                      Sep 5, 2024 01:58:02.875097036 CEST61467443192.168.2.4142.250.81.228
                      Sep 5, 2024 01:58:02.875104904 CEST44361467142.250.81.228192.168.2.4
                      Sep 5, 2024 01:58:02.897083044 CEST61458443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:02.897275925 CEST61457443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:02.973869085 CEST4436146413.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:02.974853992 CEST4436146113.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:02.979886055 CEST61461443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:02.979907990 CEST4436146113.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:02.979995012 CEST61464443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:02.980011940 CEST4436146413.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:02.980391026 CEST4436146413.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:02.981156111 CEST4436146113.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:02.981369972 CEST61461443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:02.981690884 CEST61464443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:02.981760025 CEST4436146413.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:02.981976032 CEST61461443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:02.982047081 CEST4436146113.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:02.982099056 CEST61464443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:02.982139111 CEST61461443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:02.993828058 CEST4436146013.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:03.002583027 CEST4436145913.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:03.008589029 CEST61459443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:03.008599043 CEST4436145913.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:03.008696079 CEST61460443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:03.008706093 CEST4436146013.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:03.009680033 CEST4436145913.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:03.009769917 CEST4436146013.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:03.009857893 CEST61460443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:03.009861946 CEST61459443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:03.010354996 CEST61459443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:03.010425091 CEST4436145913.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:03.010623932 CEST61460443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:03.010634899 CEST44361465142.251.40.206192.168.2.4
                      Sep 5, 2024 01:58:03.010685921 CEST4436146013.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:03.010761023 CEST44361466142.251.40.206192.168.2.4
                      Sep 5, 2024 01:58:03.010762930 CEST61459443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:03.010809898 CEST61460443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:03.014713049 CEST4436146213.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:03.015424967 CEST4436146313.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:03.021528006 CEST61466443192.168.2.4142.251.40.206
                      Sep 5, 2024 01:58:03.021543980 CEST44361466142.251.40.206192.168.2.4
                      Sep 5, 2024 01:58:03.021655083 CEST61465443192.168.2.4142.251.40.206
                      Sep 5, 2024 01:58:03.021665096 CEST44361465142.251.40.206192.168.2.4
                      Sep 5, 2024 01:58:03.021785021 CEST61462443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:03.021794081 CEST4436146213.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:03.021882057 CEST61463443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:03.021889925 CEST4436146313.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:03.021940947 CEST44361466142.251.40.206192.168.2.4
                      Sep 5, 2024 01:58:03.021951914 CEST44361466142.251.40.206192.168.2.4
                      Sep 5, 2024 01:58:03.022113085 CEST61466443192.168.2.4142.251.40.206
                      Sep 5, 2024 01:58:03.022245884 CEST4436146313.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:03.022483110 CEST44361465142.251.40.206192.168.2.4
                      Sep 5, 2024 01:58:03.022494078 CEST44361465142.251.40.206192.168.2.4
                      Sep 5, 2024 01:58:03.022664070 CEST44361466142.251.40.206192.168.2.4
                      Sep 5, 2024 01:58:03.022847891 CEST61465443192.168.2.4142.251.40.206
                      Sep 5, 2024 01:58:03.022897959 CEST4436146213.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:03.022928953 CEST61466443192.168.2.4142.251.40.206
                      Sep 5, 2024 01:58:03.023197889 CEST44361465142.251.40.206192.168.2.4
                      Sep 5, 2024 01:58:03.024350882 CEST61462443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:03.024502039 CEST61465443192.168.2.4142.251.40.206
                      Sep 5, 2024 01:58:03.024503946 CEST4436146113.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:03.026055098 CEST61463443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:03.026124001 CEST4436146313.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:03.026478052 CEST61462443192.168.2.413.107.246.40
                      Sep 5, 2024 01:58:03.026540995 CEST4436146213.107.246.40192.168.2.4
                      Sep 5, 2024 01:58:03.026643038 CEST61466443192.168.2.4142.251.40.206
                      Sep 5, 2024 01:58:03.026705027 CEST44361466142.251.40.206192.168.2.4
                      Sep 5, 2024 01:58:03.026849985 CEST61465443192.168.2.4142.251.40.206
                      Sep 5, 2024 01:58:56.649925947 CEST61456443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:56.649944067 CEST44361456172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:56.649945974 CEST44361455172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:56.649971008 CEST61458443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:56.650006056 CEST44361458172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:56.650019884 CEST61457443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:58:56.650024891 CEST44361457172.64.41.3192.168.2.4
                      Sep 5, 2024 01:58:57.327915907 CEST61494443192.168.2.423.219.161.132
                      Sep 5, 2024 01:58:57.327945948 CEST4436149423.219.161.132192.168.2.4
                      Sep 5, 2024 01:58:57.328012943 CEST61494443192.168.2.423.219.161.132
                      Sep 5, 2024 01:58:57.328193903 CEST61494443192.168.2.423.219.161.132
                      Sep 5, 2024 01:58:57.328206062 CEST4436149423.219.161.132192.168.2.4
                      Sep 5, 2024 01:58:57.801120996 CEST4436149423.219.161.132192.168.2.4
                      Sep 5, 2024 01:58:57.801492929 CEST61494443192.168.2.423.219.161.132
                      Sep 5, 2024 01:58:57.801503897 CEST4436149423.219.161.132192.168.2.4
                      Sep 5, 2024 01:58:57.802371025 CEST4436149423.219.161.132192.168.2.4
                      Sep 5, 2024 01:58:57.804600954 CEST61494443192.168.2.423.219.161.132
                      Sep 5, 2024 01:58:57.804881096 CEST61494443192.168.2.423.219.161.132
                      Sep 5, 2024 01:58:57.804935932 CEST4436149423.219.161.132192.168.2.4
                      Sep 5, 2024 01:58:57.805013895 CEST61494443192.168.2.423.219.161.132
                      Sep 5, 2024 01:58:57.805020094 CEST4436149423.219.161.132192.168.2.4
                      Sep 5, 2024 01:58:57.848234892 CEST61494443192.168.2.423.219.161.132
                      Sep 5, 2024 01:58:58.103913069 CEST4436149423.219.161.132192.168.2.4
                      Sep 5, 2024 01:58:58.103961945 CEST4436149423.219.161.132192.168.2.4
                      Sep 5, 2024 01:58:58.104203939 CEST61494443192.168.2.423.219.161.132
                      Sep 5, 2024 01:58:58.104214907 CEST4436149423.219.161.132192.168.2.4
                      Sep 5, 2024 01:58:58.104295969 CEST61494443192.168.2.423.219.161.132
                      Sep 5, 2024 01:58:58.104310989 CEST61494443192.168.2.423.219.161.132
                      Sep 5, 2024 01:58:58.202373981 CEST61495443192.168.2.4104.126.116.26
                      Sep 5, 2024 01:58:58.202403069 CEST44361495104.126.116.26192.168.2.4
                      Sep 5, 2024 01:58:58.202476978 CEST61495443192.168.2.4104.126.116.26
                      Sep 5, 2024 01:58:58.202680111 CEST61495443192.168.2.4104.126.116.26
                      Sep 5, 2024 01:58:58.202692032 CEST44361495104.126.116.26192.168.2.4
                      Sep 5, 2024 01:58:58.658149004 CEST44361495104.126.116.26192.168.2.4
                      Sep 5, 2024 01:58:58.659089088 CEST61495443192.168.2.4104.126.116.26
                      Sep 5, 2024 01:58:58.659101963 CEST44361495104.126.116.26192.168.2.4
                      Sep 5, 2024 01:58:58.659387112 CEST44361495104.126.116.26192.168.2.4
                      Sep 5, 2024 01:58:58.659921885 CEST61495443192.168.2.4104.126.116.26
                      Sep 5, 2024 01:58:58.659976006 CEST44361495104.126.116.26192.168.2.4
                      Sep 5, 2024 01:58:58.708470106 CEST61495443192.168.2.4104.126.116.26
                      Sep 5, 2024 01:59:00.019627094 CEST61496443192.168.2.434.120.208.123
                      Sep 5, 2024 01:59:00.019665956 CEST4436149634.120.208.123192.168.2.4
                      Sep 5, 2024 01:59:00.019752026 CEST61497443192.168.2.434.120.208.123
                      Sep 5, 2024 01:59:00.019788980 CEST4436149734.120.208.123192.168.2.4
                      Sep 5, 2024 01:59:00.019824028 CEST61496443192.168.2.434.120.208.123
                      Sep 5, 2024 01:59:00.019927979 CEST61496443192.168.2.434.120.208.123
                      Sep 5, 2024 01:59:00.019938946 CEST4436149634.120.208.123192.168.2.4
                      Sep 5, 2024 01:59:00.020004034 CEST61497443192.168.2.434.120.208.123
                      Sep 5, 2024 01:59:00.020076036 CEST61497443192.168.2.434.120.208.123
                      Sep 5, 2024 01:59:00.020087957 CEST4436149734.120.208.123192.168.2.4
                      Sep 5, 2024 01:59:00.038410902 CEST6148880192.168.2.434.107.221.82
                      Sep 5, 2024 01:59:00.043241024 CEST806148834.107.221.82192.168.2.4
                      Sep 5, 2024 01:59:00.092756987 CEST61498443192.168.2.434.120.208.123
                      Sep 5, 2024 01:59:00.092787981 CEST4436149834.120.208.123192.168.2.4
                      Sep 5, 2024 01:59:00.095808029 CEST61498443192.168.2.434.120.208.123
                      Sep 5, 2024 01:59:00.095954895 CEST61498443192.168.2.434.120.208.123
                      Sep 5, 2024 01:59:00.095966101 CEST4436149834.120.208.123192.168.2.4
                      Sep 5, 2024 01:59:00.138662100 CEST6148680192.168.2.434.107.221.82
                      Sep 5, 2024 01:59:00.143651009 CEST806148634.107.221.82192.168.2.4
                      Sep 5, 2024 01:59:00.479084969 CEST4436149734.120.208.123192.168.2.4
                      Sep 5, 2024 01:59:00.479099035 CEST4436149634.120.208.123192.168.2.4
                      Sep 5, 2024 01:59:00.479176998 CEST61497443192.168.2.434.120.208.123
                      Sep 5, 2024 01:59:00.479526997 CEST61496443192.168.2.434.120.208.123
                      Sep 5, 2024 01:59:00.482176065 CEST61497443192.168.2.434.120.208.123
                      Sep 5, 2024 01:59:00.482183933 CEST4436149734.120.208.123192.168.2.4
                      Sep 5, 2024 01:59:00.482424974 CEST4436149734.120.208.123192.168.2.4
                      Sep 5, 2024 01:59:00.484968901 CEST61496443192.168.2.434.120.208.123
                      Sep 5, 2024 01:59:00.484987020 CEST4436149634.120.208.123192.168.2.4
                      Sep 5, 2024 01:59:00.485212088 CEST4436149634.120.208.123192.168.2.4
                      Sep 5, 2024 01:59:00.488137007 CEST61497443192.168.2.434.120.208.123
                      Sep 5, 2024 01:59:00.488266945 CEST61497443192.168.2.434.120.208.123
                      Sep 5, 2024 01:59:00.488285065 CEST4436149734.120.208.123192.168.2.4
                      Sep 5, 2024 01:59:00.488348007 CEST61496443192.168.2.434.120.208.123
                      Sep 5, 2024 01:59:00.488415956 CEST61496443192.168.2.434.120.208.123
                      Sep 5, 2024 01:59:00.488508940 CEST4436149634.120.208.123192.168.2.4
                      Sep 5, 2024 01:59:00.488553047 CEST61497443192.168.2.434.120.208.123
                      Sep 5, 2024 01:59:00.488564014 CEST61496443192.168.2.434.120.208.123
                      Sep 5, 2024 01:59:00.573848009 CEST4436149834.120.208.123192.168.2.4
                      Sep 5, 2024 01:59:00.574024916 CEST61498443192.168.2.434.120.208.123
                      Sep 5, 2024 01:59:00.631243944 CEST61498443192.168.2.434.120.208.123
                      Sep 5, 2024 01:59:00.631267071 CEST4436149834.120.208.123192.168.2.4
                      Sep 5, 2024 01:59:00.631509066 CEST4436149834.120.208.123192.168.2.4
                      Sep 5, 2024 01:59:00.634268045 CEST61498443192.168.2.434.120.208.123
                      Sep 5, 2024 01:59:00.634361029 CEST61498443192.168.2.434.120.208.123
                      Sep 5, 2024 01:59:00.634427071 CEST4436149834.120.208.123192.168.2.4
                      Sep 5, 2024 01:59:00.634926081 CEST61498443192.168.2.434.120.208.123
                      Sep 5, 2024 01:59:00.637283087 CEST6148880192.168.2.434.107.221.82
                      Sep 5, 2024 01:59:00.642119884 CEST806148834.107.221.82192.168.2.4
                      Sep 5, 2024 01:59:00.733997107 CEST806148834.107.221.82192.168.2.4
                      Sep 5, 2024 01:59:00.738398075 CEST6148680192.168.2.434.107.221.82
                      Sep 5, 2024 01:59:00.743249893 CEST806148634.107.221.82192.168.2.4
                      Sep 5, 2024 01:59:00.788536072 CEST6148880192.168.2.434.107.221.82
                      Sep 5, 2024 01:59:00.833395004 CEST806148634.107.221.82192.168.2.4
                      Sep 5, 2024 01:59:00.881469011 CEST6148680192.168.2.434.107.221.82
                      Sep 5, 2024 01:59:10.743179083 CEST6148880192.168.2.434.107.221.82
                      Sep 5, 2024 01:59:10.748231888 CEST806148834.107.221.82192.168.2.4
                      Sep 5, 2024 01:59:10.843462944 CEST6148680192.168.2.434.107.221.82
                      Sep 5, 2024 01:59:10.848467112 CEST806148634.107.221.82192.168.2.4
                      Sep 5, 2024 01:59:17.747215986 CEST44361495104.126.116.26192.168.2.4
                      Sep 5, 2024 01:59:17.747292042 CEST44361495104.126.116.26192.168.2.4
                      Sep 5, 2024 01:59:17.747457981 CEST61495443192.168.2.4104.126.116.26
                      Sep 5, 2024 01:59:20.761768103 CEST6148880192.168.2.434.107.221.82
                      Sep 5, 2024 01:59:20.766623974 CEST806148834.107.221.82192.168.2.4
                      Sep 5, 2024 01:59:20.856281042 CEST6148680192.168.2.434.107.221.82
                      Sep 5, 2024 01:59:20.862090111 CEST806148634.107.221.82192.168.2.4
                      Sep 5, 2024 01:59:30.782155037 CEST6148880192.168.2.434.107.221.82
                      Sep 5, 2024 01:59:30.787195921 CEST806148834.107.221.82192.168.2.4
                      Sep 5, 2024 01:59:30.865119934 CEST6148680192.168.2.434.107.221.82
                      Sep 5, 2024 01:59:30.869915009 CEST806148634.107.221.82192.168.2.4
                      Sep 5, 2024 01:59:34.321803093 CEST61469443192.168.2.4142.251.40.206
                      Sep 5, 2024 01:59:34.321818113 CEST44361469142.251.40.206192.168.2.4
                      Sep 5, 2024 01:59:34.321849108 CEST61470443192.168.2.4142.251.40.206
                      Sep 5, 2024 01:59:34.321854115 CEST44361470142.251.40.206192.168.2.4
                      Sep 5, 2024 01:59:40.789968967 CEST6148880192.168.2.434.107.221.82
                      Sep 5, 2024 01:59:40.794775963 CEST806148834.107.221.82192.168.2.4
                      Sep 5, 2024 01:59:40.882142067 CEST6148680192.168.2.434.107.221.82
                      Sep 5, 2024 01:59:40.887000084 CEST806148634.107.221.82192.168.2.4
                      Sep 5, 2024 01:59:50.799424887 CEST6148880192.168.2.434.107.221.82
                      Sep 5, 2024 01:59:50.804332972 CEST806148834.107.221.82192.168.2.4
                      Sep 5, 2024 01:59:50.897691965 CEST6148680192.168.2.434.107.221.82
                      Sep 5, 2024 01:59:50.902524948 CEST806148634.107.221.82192.168.2.4
                      Sep 5, 2024 01:59:02.275158882 CEST61796443192.168.2.4142.251.167.84
                      Sep 5, 2024 01:59:04.314176083 CEST61796443192.168.2.4142.251.167.84
                      Sep 5, 2024 01:59:04.440962076 CEST44361796142.251.167.84192.168.2.4
                      Sep 5, 2024 01:59:04.468558073 CEST44361796142.251.167.84192.168.2.4
                      Sep 5, 2024 01:59:04.468569994 CEST44361796142.251.167.84192.168.2.4
                      Sep 5, 2024 01:59:04.468631029 CEST44361796142.251.167.84192.168.2.4
                      Sep 5, 2024 01:59:04.472599030 CEST61796443192.168.2.4142.251.167.84
                      Sep 5, 2024 01:59:04.472672939 CEST61796443192.168.2.4142.251.167.84
                      Sep 5, 2024 01:59:04.599169970 CEST44361796142.251.167.84192.168.2.4
                      Sep 5, 2024 01:59:25.902921915 CEST5864353192.168.2.41.1.1.1
                      Sep 5, 2024 01:59:25.903151035 CEST6040053192.168.2.41.1.1.1
                      Sep 5, 2024 01:59:25.909427881 CEST53586431.1.1.1192.168.2.4
                      Sep 5, 2024 01:59:25.909809113 CEST53604001.1.1.1192.168.2.4
                      Sep 5, 2024 01:59:25.910540104 CEST60213443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:59:25.910665035 CEST60213443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:59:25.910876989 CEST60213443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:59:25.910963058 CEST60213443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:59:26.364586115 CEST44360213172.64.41.3192.168.2.4
                      Sep 5, 2024 01:59:26.365149021 CEST60213443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:59:26.403218031 CEST60213443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:59:26.463010073 CEST44360213172.64.41.3192.168.2.4
                      Sep 5, 2024 01:59:26.463021040 CEST44360213172.64.41.3192.168.2.4
                      Sep 5, 2024 01:59:26.463028908 CEST44360213172.64.41.3192.168.2.4
                      Sep 5, 2024 01:59:26.463037968 CEST44360213172.64.41.3192.168.2.4
                      Sep 5, 2024 01:59:26.463391066 CEST60213443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:59:26.463391066 CEST60213443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:59:26.561074018 CEST44360213172.64.41.3192.168.2.4
                      Sep 5, 2024 01:59:26.561520100 CEST60213443192.168.2.4172.64.41.3
                      Sep 5, 2024 01:59:26.661043882 CEST44360213172.64.41.3192.168.2.4
                      Sep 5, 2024 01:59:26.661844969 CEST44360213172.64.41.3192.168.2.4
                      Sep 5, 2024 01:59:26.662239075 CEST44360213172.64.41.3192.168.2.4
                      Sep 5, 2024 01:59:26.662399054 CEST60213443192.168.2.4172.64.41.3
                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      0 | 192.168.2.4 | 49771 | 34.107.221.82 | 80 | 7888 | C:\Program Files\Mozilla Firefox\firefox.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 5, 2024 01:58:00.954713106 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                      Host: detectportal.firefox.com
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                      Accept: */*
                      Accept-Language: en-US,en;q=0.5
                      Accept-Encoding: gzip, deflate
                      Cache-Control: no-cache
                      Pragma: no-cache
                      Connection: keep-alive
                      Sep 5, 2024 01:58:01.423353910 CEST | 298 | IN | HTTP/1.1 200 OK
                      Server: nginx
                      Content-Length: 90
                      Via: 1.1 google
                      Date: Wed, 04 Sep 2024 01:51:25 GMT
                      Age: 79596
                      Content-Type: text/html
                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                      Sep 5, 2024 01:58:01.635298014 CEST | 298 | IN | HTTP/1.1 200 OK
                      Server: nginx
                      Content-Length: 90
                      Via: 1.1 google
                      Date: Wed, 04 Sep 2024 01:51:25 GMT
                      Age: 79596
                      Content-Type: text/html
                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                      Sep 5, 2024 01:58:11.462816000 CEST | 6 | OUT | Data Raw: 00
                      Data Ascii:
                      Sep 5, 2024 01:58:21.480334997 CEST | 6 | OUT | Data Raw: 00
                      Data Ascii:
                      Sep 5, 2024 01:58:28.720503092 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                      Host: detectportal.firefox.com
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                      Accept: */*
                      Accept-Language: en-US,en;q=0.5
                      Accept-Encoding: gzip, deflate
                      Cache-Control: no-cache
                      Pragma: no-cache
                      Connection: keep-alive
                      Sep 5, 2024 01:58:28.817830086 CEST | 298 | IN | HTTP/1.1 200 OK
                      Server: nginx
                      Content-Length: 90
                      Via: 1.1 google
                      Date: Wed, 04 Sep 2024 01:51:25 GMT
                      Age: 79623
                      Content-Type: text/html
                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      1 | 192.168.2.4 | 61453 | 34.107.221.82 | 80 | 7888 | C:\Program Files\Mozilla Firefox\firefox.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 5, 2024 01:58:01.546951056 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                      Host: detectportal.firefox.com
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                      Accept: */*
                      Accept-Language: en-US,en;q=0.5
                      Accept-Encoding: gzip, deflate
                      Connection: keep-alive
                      Pragma: no-cache
                      Cache-Control: no-cache
                      Sep 5, 2024 01:58:01.994261980 CEST | 216 | IN | HTTP/1.1 200 OK
                      Server: nginx
                      Content-Length: 8
                      Via: 1.1 google
                      Date: Wed, 04 Sep 2024 00:03:16 GMT
                      Age: 86085
                      Content-Type: text/plain
                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                      Data Raw: 73 75 63 63 65 73 73 0a
                      Data Ascii: success
                      Sep 5, 2024 01:58:02.203356981 CEST | 216 | IN | HTTP/1.1 200 OK
                      Server: nginx
                      Content-Length: 8
                      Via: 1.1 google
                      Date: Wed, 04 Sep 2024 00:03:16 GMT
                      Age: 86085
                      Content-Type: text/plain
                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                      Data Raw: 73 75 63 63 65 73 73 0a
                      Data Ascii: success
                      Sep 5, 2024 01:58:12.003690004 CEST | 6 | OUT | Data Raw: 00
                      Data Ascii:
                      Sep 5, 2024 01:58:22.018784046 CEST | 6 | OUT | Data Raw: 00
                      Data Ascii:


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      2 | 192.168.2.4 | 61486 | 34.107.221.82 | 80 | 7888 | C:\Program Files\Mozilla Firefox\firefox.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 5, 2024 01:58:28.832674980 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                      Host: detectportal.firefox.com
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                      Accept: */*
                      Accept-Language: en-US,en;q=0.5
                      Accept-Encoding: gzip, deflate
                      Connection: keep-alive
                      Pragma: no-cache
                      Cache-Control: no-cache
                      Sep 5, 2024 01:58:29.275990009 CEST | 216 | IN | HTTP/1.1 200 OK
                      Server: nginx
                      Content-Length: 8
                      Via: 1.1 google
                      Date: Wed, 04 Sep 2024 00:03:16 GMT
                      Age: 86113
                      Content-Type: text/plain
                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                      Data Raw: 73 75 63 63 65 73 73 0a
                      Data Ascii: success
                      Sep 5, 2024 01:58:29.911149025 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                      Host: detectportal.firefox.com
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                      Accept: */*
                      Accept-Language: en-US,en;q=0.5
                      Accept-Encoding: gzip, deflate
                      Connection: keep-alive
                      Pragma: no-cache
                      Cache-Control: no-cache
                      Sep 5, 2024 01:58:30.005172968 CEST | 216 | IN | HTTP/1.1 200 OK
                      Server: nginx
                      Content-Length: 8
                      Via: 1.1 google
                      Date: Wed, 04 Sep 2024 00:03:16 GMT
                      Age: 86113
                      Content-Type: text/plain
                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                      Data Raw: 73 75 63 63 65 73 73 0a
                      Data Ascii: success
                      Sep 5, 2024 01:58:30.017802000 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                      Host: detectportal.firefox.com
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                      Accept: */*
                      Accept-Language: en-US,en;q=0.5
                      Accept-Encoding: gzip, deflate
                      Connection: keep-alive
                      Pragma: no-cache
                      Cache-Control: no-cache
                      Sep 5, 2024 01:58:30.112592936 CEST | 216 | IN | HTTP/1.1 200 OK
                      Server: nginx
                      Content-Length: 8
                      Via: 1.1 google
                      Date: Wed, 04 Sep 2024 00:03:16 GMT
                      Age: 86114
                      Content-Type: text/plain
                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                      Data Raw: 73 75 63 63 65 73 73 0a
                      Data Ascii: success
                      Sep 5, 2024 01:58:40.116178036 CEST | 6 | OUT | Data Raw: 00
                      Data Ascii:
                      Sep 5, 2024 01:58:50.129578114 CEST | 6 | OUT | Data Raw: 00
                      Data Ascii:
                      Sep 5, 2024 01:59:00.138662100 CEST | 6 | OUT | Data Raw: 00
                      Data Ascii:
                      Sep 5, 2024 01:59:00.738398075 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                      Host: detectportal.firefox.com
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                      Accept: */*
                      Accept-Language: en-US,en;q=0.5
                      Accept-Encoding: gzip, deflate
                      Connection: keep-alive
                      Pragma: no-cache
                      Cache-Control: no-cache
                      Sep 5, 2024 01:59:00.833395004 CEST | 216 | IN | HTTP/1.1 200 OK
                      Server: nginx
                      Content-Length: 8
                      Via: 1.1 google
                      Date: Wed, 04 Sep 2024 00:03:16 GMT
                      Age: 86144
                      Content-Type: text/plain
                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                      Data Raw: 73 75 63 63 65 73 73 0a
                      Data Ascii: success
                      Sep 5, 2024 01:59:10.843462944 CEST | 6 | OUT | Data Raw: 00
                      Data Ascii:
                      Sep 5, 2024 01:59:20.856281042 CEST | 6 | OUT | Data Raw: 00
                      Data Ascii:
                      Sep 5, 2024 01:59:30.865119934 CEST | 6 | OUT | Data Raw: 00
                      Data Ascii:
                      Sep 5, 2024 01:59:40.882142067 CEST | 6 | OUT | Data Raw: 00
                      Data Ascii:
                      Sep 5, 2024 01:59:50.897691965 CEST | 6 | OUT | Data Raw: 00
                      Data Ascii:


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      3 | 192.168.2.4 | 61488 | 34.107.221.82 | 80 | 7888 | C:\Program Files\Mozilla Firefox\firefox.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 5, 2024 01:58:29.436583042 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                      Host: detectportal.firefox.com
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                      Accept: */*
                      Accept-Language: en-US,en;q=0.5
                      Accept-Encoding: gzip, deflate
                      Cache-Control: no-cache
                      Pragma: no-cache
                      Connection: keep-alive
                      Sep 5, 2024 01:58:29.890156984 CEST | 298 | IN | HTTP/1.1 200 OK
                      Server: nginx
                      Content-Length: 90
                      Via: 1.1 google
                      Date: Wed, 04 Sep 2024 01:51:25 GMT
                      Age: 79624
                      Content-Type: text/html
                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                      Sep 5, 2024 01:58:29.914936066 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                      Host: detectportal.firefox.com
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                      Accept: */*
                      Accept-Language: en-US,en;q=0.5
                      Accept-Encoding: gzip, deflate
                      Cache-Control: no-cache
                      Pragma: no-cache
                      Connection: keep-alive
                      Sep 5, 2024 01:58:30.015398026 CEST | 298 | IN | HTTP/1.1 200 OK
                      Server: nginx
                      Content-Length: 90
                      Via: 1.1 google
                      Date: Wed, 04 Sep 2024 01:51:25 GMT
                      Age: 79624
                      Content-Type: text/html
                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                      Sep 5, 2024 01:58:40.016024113 CEST | 6 | OUT | Data Raw: 00
                      Data Ascii:
                      Sep 5, 2024 01:58:50.028625965 CEST | 6 | OUT | Data Raw: 00
                      Data Ascii:
                      Sep 5, 2024 01:59:00.038410902 CEST | 6 | OUT | Data Raw: 00
                      Data Ascii:
                      Sep 5, 2024 01:59:00.637283087 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                      Host: detectportal.firefox.com
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                      Accept: */*
                      Accept-Language: en-US,en;q=0.5
                      Accept-Encoding: gzip, deflate
                      Cache-Control: no-cache
                      Pragma: no-cache
                      Connection: keep-alive
                      Sep 5, 2024 01:59:00.733997107 CEST | 298 | IN | HTTP/1.1 200 OK
                      Server: nginx
                      Content-Length: 90
                      Via: 1.1 google
                      Date: Wed, 04 Sep 2024 01:51:25 GMT
                      Age: 79655
                      Content-Type: text/html
                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                      Sep 5, 2024 01:59:10.743179083 CEST | 6 | OUT | Data Raw: 00
                      Data Ascii:
                      Sep 5, 2024 01:59:20.761768103 CEST | 6 | OUT | Data Raw: 00
                      Data Ascii:
                      Sep 5, 2024 01:59:30.782155037 CEST | 6 | OUT | Data Raw: 00
                      Data Ascii:
                      Sep 5, 2024 01:59:40.789968967 CEST | 6 | OUT | Data Raw: 00
                      Data Ascii:
                      Sep 5, 2024 01:59:50.799424887 CEST | 6 | OUT | Data Raw: 00
                      Data Ascii:


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      0 | 192.168.2.4 | 49746 | 216.58.206.65 | 443 | 4828 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-09-04 23:57:57 UTC | 594 | OUT | GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1
                      Host: clients2.googleusercontent.com
                      Connection: keep-alive
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      2024-09-04 23:57:57 UTC | 566 | IN | HTTP/1.1 200 OK
                      Accept-Ranges: bytes
                      Content-Length: 135751
                      X-GUploader-UploadID: AD-8ljsqFKFfhbFwMg_8uFT16hlYBQB1SjfJlh8NfP52lz5O7peADQi3K7DZ1yaXxlqmmX11G-Y
                      X-Goog-Hash: crc32c=IDdmTg==
                      Server: UploadServer
                      Date: Wed, 04 Sep 2024 19:15:10 GMT
                      Expires: Thu, 04 Sep 2025 19:15:10 GMT
                      Cache-Control: public, max-age=31536000
                      Age: 16967
                      Last-Modified: Tue, 23 Jul 2024 15:56:28 GMT
                      ETag: 1d368626_ddaec042_86665b6c_28d780a0_b2065016
                      Content-Type: application/x-chrome-extension
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Connection: close


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      1 | 192.168.2.4 | 49755 | 13.107.246.60 | 443 | 4828 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-09-04 23:57:59 UTC | 711 | OUT | GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1
                      Host: edgeassetservice.azureedge.net
                      Connection: keep-alive
                      Edge-Asset-Group: EntityExtractionDomainsConfig
                      Sec-Mesh-Client-Edge-Version: 117.0.2045.47
                      Sec-Mesh-Client-Edge-Channel: stable
                      Sec-Mesh-Client-OS: Windows
                      Sec-Mesh-Client-OS-Version: 10.0.19045
                      Sec-Mesh-Client-Arch: x86_64
                      Sec-Mesh-Client-WebView: 0
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      2024-09-04 23:57:59 UTC | 576 | IN | HTTP/1.1 200 OK
                      Date: Wed, 04 Sep 2024 23:57:59 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 70207
                      Connection: close
                      Content-Encoding: gzip
                      Last-Modified: Fri, 02 Aug 2024 18:10:35 GMT
                      ETag: 0x8DCB31E67C22927
                      x-ms-request-id: 3afe9785-e01e-0066-3464-fbda5d000000
                      x-ms-version: 2009-09-19
                      x-ms-lease-status: unlocked
                      x-ms-blob-type: BlockBlob
                      x-azure-ref: 20240904T235759Z-16579567576s4v5z9ks8mdk6fw0000000bh000000000cdq6
                      Cache-Control: public, max-age=604800
                      x-fd-int-roxy-purgeid: 0
                      X-Cache-Info: L1_T2
                      X-Cache: TCP_HIT
                      Accept-Ranges: bytes


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      2 | 192.168.2.4 | 49756 | 184.28.90.27 | 443 | |
                      Timestamp | Bytes transferred | Direction | Data
                      2024-09-04 23:58:00 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      Accept-Encoding: identity
                      User-Agent: Microsoft BITS/7.8
                      Host: fs.microsoft.com
                      2024-09-04 23:58:00 UTC | 467 | IN | HTTP/1.1 200 OK
                      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                      Content-Type: application/octet-stream
                      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                      Server: ECAcc (lpl/EF67)
                      X-CID: 11
                      X-Ms-ApiVersion: Distribute 1.2
                      X-Ms-Region: prod-weu-z1
                      Cache-Control: public, max-age=146860
                      Date: Wed, 04 Sep 2024 23:58:00 GMT
                      Connection: close
                      X-CID: 2


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      3 | 192.168.2.4 | 49766 | 162.159.61.3 | 443 | 4828 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-09-04 23:58:00 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                      Host: chrome.cloudflare-dns.com
                      Connection: keep-alive
                      Content-Length: 128
                      Accept: application/dns-message
                      Accept-Language: *
                      User-Agent: Chrome
                      Accept-Encoding: identity
                      Content-Type: application/dns-message
                      2024-09-04 23:58:00 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                      Data Ascii: wwwgstaticcom)TP
                      2024-09-04 23:58:00 UTC | 247 | IN | HTTP/1.1 200 OK
                      Server: cloudflare
                      Date: Wed, 04 Sep 2024 23:58:00 GMT
                      Content-Type: application/dns-message
                      Connection: close
                      Access-Control-Allow-Origin: *
                      Content-Length: 468
                      CF-RAY: 8be1ecd648c0c341-EWR
                      alt-svc: h3=":443"; ma=86400
                      2024-09-04 23:58:00 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 0a 00 04 8e fb 23 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                      Data Ascii: wwwgstaticcom#)


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      4 | 192.168.2.4 | 49765 | 172.64.41.3 | 443 | 4828 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-09-04 23:58:00 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                      Host: chrome.cloudflare-dns.com
                      Connection: keep-alive
                      Content-Length: 128
                      Accept: application/dns-message
                      Accept-Language: *
                      User-Agent: Chrome
                      Accept-Encoding: identity
                      Content-Type: application/dns-message
                      2024-09-04 23:58:00 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                      Data Ascii: wwwgstaticcom)TP
                      2024-09-04 23:58:00 UTC | 247 | IN | HTTP/1.1 200 OK
                      Server: cloudflare
                      Date: Wed, 04 Sep 2024 23:58:00 GMT
                      Content-Type: application/dns-message
                      Connection: close
                      Access-Control-Allow-Origin: *
                      Content-Length: 468
                      CF-RAY: 8be1ecd62fed8c63-EWR
                      alt-svc: h3=":443"; ma=86400
                      2024-09-04 23:58:00 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 14 00 04 8e fb 28 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                      Data Ascii: wwwgstaticcom(c)


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      5 | 192.168.2.4 | 49767 | 172.64.41.3 | 443 | 4828 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-09-04 23:58:00 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                      Host: chrome.cloudflare-dns.com
                      Connection: keep-alive
                      Content-Length: 128
                      Accept: application/dns-message
                      Accept-Language: *
                      User-Agent: Chrome
                      Accept-Encoding: identity
                      Content-Type: application/dns-message
                      2024-09-04 23:58:00 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
                      2024-09-04 23:58:00 UTC | 247 | IN | HTTP/1.1 200 OK
                      Server: cloudflare
                      Date: Wed, 04 Sep 2024 23:58:00 GMT
                      Content-Type: application/dns-message
                      Connection: close
                      Access-Control-Allow-Origin: *
                      Content-Length: 468
                      CF-RAY: 8be1ecd70c3e4238-EWR
                      alt-svc: h3=":443"; ma=86400
                      2024-09-04 23:58:00 UTC | 468 | IN | Data Ascii: wwwgstaticcomPc)


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      6 | 192.168.2.4 | 49768 | 184.28.90.27 | 443 | |
                      Timestamp | Bytes transferred | Direction | Data
                      2024-09-04 23:58:00 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      Accept-Encoding: identity
                      If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                      Range: bytes=0-2147483646
                      User-Agent: Microsoft BITS/7.8
                      Host: fs.microsoft.com
                      2024-09-04 23:58:01 UTC | 515 | IN | HTTP/1.1 200 OK
                      ApiVersion: Distribute 1.1
                      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                      Content-Type: application/octet-stream
                      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                      Server: ECAcc (lpl/EF06)
                      X-CID: 11
                      X-Ms-ApiVersion: Distribute 1.2
                      X-Ms-Region: prod-weu-z1
                      Cache-Control: public, max-age=146913
                      Date: Wed, 04 Sep 2024 23:58:01 GMT
                      Content-Length: 55
                      Connection: close
                      X-CID: 2
                      2024-09-04 23:58:01 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                      Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      7 | 192.168.2.4 | 49770 | 13.107.246.60 | 443 | 4828 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-09-04 23:58:01 UTC | 486 | OUT | GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1
                      Host: edgeassetservice.azureedge.net
                      Connection: keep-alive
                      Edge-Asset-Group: ArbitrationService
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      2024-09-04 23:58:01 UTC | 552 | IN | HTTP/1.1 200 OK
                      Date: Wed, 04 Sep 2024 23:58:01 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 11989
                      Connection: close
                      Last-Modified: Tue, 03 Sep 2024 22:21:22 GMT
                      ETag: 0x8DCCC66BDBF99F0
                      x-ms-request-id: 27c1809a-d01e-002a-0cb0-fe1d42000000
                      x-ms-version: 2009-09-19
                      x-ms-lease-status: unlocked
                      x-ms-blob-type: BlockBlob
                      x-azure-ref: 20240904T235801Z-16579567576pgh4h94c7qn0kuc0000000bm000000000bbx4
                      Cache-Control: public, max-age=604800
                      x-fd-int-roxy-purgeid: 0
                      X-Cache-Info: L1_T2
                      X-Cache: TCP_HIT
                      Accept-Ranges: bytes
                      2024-09-04 23:58:01 UTC | 11989 | IN | Data Ascii: { "configVersion": 32, "PrivilegedExperiences": [ "ShorelinePrivilegedExperienceID", "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT", "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND", "SHOPPING_AUTO_SHOW_BING_SEARCH", "SHOPPING_AUTO_SHOW_REBATE


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      8 | 192.168.2.4 | 49769 | 13.107.246.60 | 443 | 4828 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-09-04 23:58:01 UTC | 470 | OUT | GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1
                      Host: edgeassetservice.azureedge.net
                      Connection: keep-alive
                      Edge-Asset-Group: Shoreline
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      2024-09-04 23:58:01 UTC | 577 | IN | HTTP/1.1 200 OK
                      Date: Wed, 04 Sep 2024 23:58:01 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 306698
                      Connection: close
                      Content-Encoding: gzip
                      Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT
                      ETag: 0x8DBC9B5C40EBFF4
                      x-ms-request-id: a05cbbc2-a01e-0025-3785-fef0b4000000
                      x-ms-version: 2009-09-19
                      x-ms-lease-status: unlocked
                      x-ms-blob-type: BlockBlob
                      x-azure-ref: 20240904T235801Z-16579567576w5bqfyu10zdac7g0000000bbg00000000beks
                      Cache-Control: public, max-age=604800
                      x-fd-int-roxy-purgeid: 0
                      X-Cache-Info: L1_T2
                      X-Cache: TCP_HIT
                      Accept-Ranges: bytes


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      9 | 192.168.2.4 | 61454 | 152.195.19.97 | 443 | 4828 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-09-04 23:58:02 UTC | 616 | OUT | GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1726099078&P2=404&P3=2&P4=mmJBR9cEvRv%2f3dkzLfTY3JBrKTtSCKsmh%2bfH2F4V2YcYQ5muL0qM7bYaP6XrLCMuKow7v71EJCTUrk1a2md64g%3d%3d HTTP/1.1
                      Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                      Connection: keep-alive
                      MS-CV: nWefcn5wXhtkjHvrl3By++
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      2024-09-04 23:58:02 UTC | 632 | IN | HTTP/1.1 200 OK
                      Accept-Ranges: bytes
                      Age: 5420813
                      Cache-Control: public, max-age=17280000
                      Content-Type: application/x-chrome-extension
                      Date: Wed, 04 Sep 2024 23:58:02 GMT
                      Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8="
                      Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT
                      MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31
                      MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0
                      MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4
                      Server: ECAcc (nyd/D11E)
                      X-AspNet-Version: 4.0.30319
                      X-AspNetMvc-Version: 5.3
                      X-Cache: HIT
                      X-CCC: US
                      X-CID: 11
                      X-Powered-By: ASP.NET
                      X-Powered-By: ARR/3.0
                      X-Powered-By: ASP.NET
                      Content-Length: 11185
                      Connection: close


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      10 | 192.168.2.4 | 61464 | 13.107.246.40 | 443 | 4828 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-09-04 23:58:02 UTC | 431 | OUT | GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1
                      Host: edgeassetservice.azureedge.net
                      Connection: keep-alive
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      2024-09-04 23:58:03 UTC | 536 | IN | HTTP/1.1 200 OK
                      Date: Wed, 04 Sep 2024 23:58:03 GMT
                      Content-Type: image/png
                      Content-Length: 1966
                      Connection: close
                      Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT
                      ETag: 0x8DBDCB5EC122A94
                      x-ms-request-id: 25350ece-301e-002b-08d4-fa1cbf000000
                      x-ms-version: 2009-09-19
                      x-ms-lease-status: unlocked
                      x-ms-blob-type: BlockBlob
                      x-azure-ref: 20240904T235803Z-165795675762h26c6ze2t4q7600000000bm000000000kzy2
                      Cache-Control: public, max-age=604800
                      x-fd-int-roxy-purgeid: 0
                      X-Cache-Info: L1_T2
                      X-Cache: TCP_HIT
                      Accept-Ranges: bytes


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      11 | 192.168.2.4 | 61461 | 13.107.246.40 | 443 | 4828 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-09-04 23:58:02 UTC | 433 | OUT | GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1
                      Host: edgeassetservice.azureedge.net
                      Connection: keep-alive
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      2024-09-04 23:58:03 UTC | 536 | IN | HTTP/1.1 200 OK
                      Date: Wed, 04 Sep 2024 23:58:03 GMT
                      Content-Type: image/png
                      Content-Length: 1751
                      Connection: close
                      Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT
                      ETag: 0x8DBCEA8D5AACC85
                      x-ms-request-id: 1e6d2d82-a01e-0061-7c30-fe2cd8000000
                      x-ms-version: 2009-09-19
                      x-ms-lease-status: unlocked
                      x-ms-blob-type: BlockBlob
                      x-azure-ref: 20240904T235803Z-16579567576w5bqfyu10zdac7g0000000beg000000003m63
                      Cache-Control: public, max-age=604800
                      x-fd-int-roxy-purgeid: 0
                      X-Cache-Info: L1_T2
                      X-Cache: TCP_HIT
                      Accept-Ranges: bytes


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      12 | 192.168.2.4 | 61459 | 13.107.246.40 | 443 | 4828 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-09-04 23:58:03 UTC | 433 | OUT | GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1
                      Host: edgeassetservice.azureedge.net
                      Connection: keep-alive
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      2024-09-04 23:58:03 UTC | 536 | IN | HTTP/1.1 200 OK
                      Date: Wed, 04 Sep 2024 23:58:03 GMT
                      Content-Type: image/png
                      Content-Length: 1427
                      Connection: close
                      Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT
                      ETag: 0x8DBDCB5EF021F8E
                      x-ms-request-id: 493a985f-801e-0076-6330-feecbb000000
                      x-ms-version: 2009-09-19
                      x-ms-lease-status: unlocked
                      x-ms-blob-type: BlockBlob
                      x-azure-ref: 20240904T235803Z-16579567576xfl5xzh7yws029s0000000bg000000000n2g7
                      Cache-Control: public, max-age=604800
                      x-fd-int-roxy-purgeid: 0
                      X-Cache-Info: L1_T2
                      X-Cache: TCP_HIT
                      Accept-Ranges: bytes


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      13 | 192.168.2.4 | 61460 | 13.107.246.40 | 443 | 4828 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-09-04 23:58:03 UTC | 430 | OUT | GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1
                      Host: edgeassetservice.azureedge.net
                      Connection: keep-alive
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      2024-09-04 23:58:03 UTC | 536 | IN | HTTP/1.1 200 OK
                      Date: Wed, 04 Sep 2024 23:58:03 GMT
                      Content-Type: image/png
                      Content-Length: 2008
                      Connection: close
                      Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT
                      ETag: 0x8DBC9B5C0C17219
                      x-ms-request-id: dfec3c64-301e-004d-1130-feaee5000000
                      x-ms-version: 2009-09-19
                      x-ms-lease-status: unlocked
                      x-ms-blob-type: BlockBlob
                      x-azure-ref: 20240904T235803Z-16579567576gnfmq2acf56mm700000000bcg00000000mkdm
                      Cache-Control: public, max-age=604800
                      x-fd-int-roxy-purgeid: 0
                      X-Cache-Info: L1_T2
                      X-Cache: TCP_HIT
                      Accept-Ranges: bytes


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      14 | 192.168.2.4 | 61463 | 13.107.246.40 | 443 | 4828 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-09-04 23:58:03 UTC | 422 | OUT | GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1
                      Host: edgeassetservice.azureedge.net
                      Connection: keep-alive
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      2024-09-04 23:58:03 UTC | 536 | IN | HTTP/1.1 200 OK
                      Date: Wed, 04 Sep 2024 23:58:03 GMT
                      Content-Type: image/png
                      Content-Length: 2229
                      Connection: close
                      Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT
                      ETag: 0x8DBD59359A9E77B
                      x-ms-request-id: 453f1ddb-801e-005f-6ffe-fa9af9000000
                      x-ms-version: 2009-09-19
                      x-ms-lease-status: unlocked
                      x-ms-blob-type: BlockBlob
                      x-azure-ref: 20240904T235803Z-16579567576p25xcxh3nycmsaw0000000ba00000000088zp
                      Cache-Control: public, max-age=604800
                      x-fd-int-roxy-purgeid: 0
                      X-Cache-Info: L1_T2
                      X-Cache: TCP_HIT
                      Accept-Ranges: bytes


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      15 | 192.168.2.4 | 61462 | 13.107.246.40 | 443 | 4828 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-09-04 23:58:03 UTC | 425 | OUT | GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1
                      Host: edgeassetservice.azureedge.net
                      Connection: keep-alive
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      2024-09-04 23:58:03 UTC | 543 | IN | HTTP/1.1 200 OK
                      Date: Wed, 04 Sep 2024 23:58:03 GMT
                      Content-Type: image/png
                      Content-Length: 1154
                      Connection: close
                      Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT
                      ETag: 0x8DBD5935D5B3965
                      x-ms-request-id: d980f417-701e-004a-5a07-ff5860000000
                      x-ms-version: 2009-09-19
                      x-ms-lease-status: unlocked
                      x-ms-blob-type: BlockBlob
                      x-azure-ref: 20240904T235803Z-16579567576h9nndaeer0cv35w0000000bh0000000006mfq
                      Cache-Control: public, max-age=604800
                      x-fd-int-roxy-purgeid: 69316365
                      X-Cache: TCP_HIT
                      X-Cache-Info: L1_T2
                      Accept-Ranges: bytes


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      16 | 192.168.2.4 | 61466 | 142.251.40.206 | 443 | 4828 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-09-04 23:58:03 UTC | 579 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                      Host: play.google.com
                      Connection: keep-alive
                      Accept: */*
                      Access-Control-Request-Method: POST
                      Access-Control-Request-Headers: x-goog-authuser
                      Origin: https://accounts.google.com
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                      Sec-Fetch-Mode: cors
                      Sec-Fetch-Site: same-site
                      Sec-Fetch-Dest: empty
                      Referer: https://accounts.google.com/
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      2024-09-04 23:58:03 UTC | 520 | IN | HTTP/1.1 200 OK
                      Access-Control-Allow-Origin: https://accounts.google.com
                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                      Access-Control-Max-Age: 86400
                      Access-Control-Allow-Credentials: true
                      Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                      Content-Type: text/plain; charset=UTF-8
                      Date: Wed, 04 Sep 2024 23:58:03 GMT
                      Server: Playlog
                      Content-Length: 0
                      X-XSS-Protection: 0
                      X-Frame-Options: SAMEORIGIN
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Connection: close


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      17 | 192.168.2.4 | 61465 | 142.251.40.206 | 443 | 4828 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-09-04 23:58:03 UTC | 579 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                      Host: play.google.com
                      Connection: keep-alive
                      Accept: */*
                      Access-Control-Request-Method: POST
                      Access-Control-Request-Headers: x-goog-authuser
                      Origin: https://accounts.google.com
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                      Sec-Fetch-Mode: cors
                      Sec-Fetch-Site: same-site
                      Sec-Fetch-Dest: empty
                      Referer: https://accounts.google.com/
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      2024-09-04 23:58:03 UTC | 520 | IN | HTTP/1.1 200 OK
                      Access-Control-Allow-Origin: https://accounts.google.com
                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                      Access-Control-Max-Age: 86400
                      Access-Control-Allow-Credentials: true
                      Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                      Content-Type: text/plain; charset=UTF-8
                      Date: Wed, 04 Sep 2024 23:58:03 GMT
                      Server: Playlog
                      Content-Length: 0
                      X-XSS-Protection: 0
                      X-Frame-Options: SAMEORIGIN
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Connection: close


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      18 | 192.168.2.4 | 61467 | 142.250.81.228 | 443 | 4828 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-09-04 23:58:03 UTC | 899 | OUT | GET /favicon.ico HTTP/1.1
                      Host: www.google.com
                      Connection: keep-alive
                      sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                      sec-ch-ua-arch: "x86"
                      sec-ch-ua-full-version: "117.0.2045.47"
                      sec-ch-ua-platform-version: "10.0.0"
                      sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                      sec-ch-ua-bitness: "64"
                      sec-ch-ua-model: ""
                      sec-ch-ua-wow64: ?0
                      sec-ch-ua-platform: "Windows"
                      Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                      Sec-Fetch-Site: same-site
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: image
                      Referer: https://accounts.google.com/
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      2024-09-04 23:58:03 UTC | 705 | IN | HTTP/1.1 200 OK
                      Accept-Ranges: bytes
                      Cross-Origin-Resource-Policy: cross-origin
                      Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                      Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                      Content-Length: 5430
                      X-Content-Type-Options: nosniff
                      Server: sffe
                      X-XSS-Protection: 0
                      Date: Wed, 04 Sep 2024 23:22:30 GMT
                      Expires: Thu, 12 Sep 2024 23:22:30 GMT
                      Cache-Control: public, max-age=691200
                      Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                      Content-Type: image/x-icon
                      Vary: Accept-Encoding
                      Age: 2133
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Connection: close


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      19 | 192.168.2.4 | 61468 | 13.107.246.40 | 443 | 4828 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-09-04 23:58:03 UTC | 431 | OUT | GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1
                      Host: edgeassetservice.azureedge.net
                      Connection: keep-alive
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      2024-09-04 23:58:03 UTC | 543 | IN | HTTP/1.1 200 OK
                      Date: Wed, 04 Sep 2024 23:58:03 GMT
                      Content-Type: image/png
                      Content-Length: 1468
                      Connection: close
                      Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT
                      ETag: 0x8DBDCB5E23DFC43
                      x-ms-request-id: f8a0931b-601e-0038-3afc-fe295e000000
                      x-ms-version: 2009-09-19
                      x-ms-lease-status: unlocked
                      x-ms-blob-type: BlockBlob
                      x-azure-ref: 20240904T235803Z-16579567576txfkctmnqv2e9c40000000bd0000000001czr
                      Cache-Control: public, max-age=604800
                      x-fd-int-roxy-purgeid: 69316365
                      X-Cache: TCP_HIT
                      X-Cache-Info: L1_T2
                      Accept-Ranges: bytes


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      20 | 192.168.2.4 | 61475 | 142.251.40.234 | 443 | 4828 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-09-04 23:58:05 UTC | 448 | OUT | POST /chromewebstore/v1.1/items/verify HTTP/1.1
                      Host: www.googleapis.com
                      Connection: keep-alive
                      Content-Length: 119
                      Content-Type: application/json
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      2024-09-04 23:58:05 UTC | 119 | OUT | Data Ascii: {"hash":"Im/IS8cMfd7zzseS72/xo+GSEL0Y8SbuB3moV1XIDZg=","ids":["ghbmnnjooekpmoecnnnilnnbdlolhkhi"],"protocol_version":1}
                      2024-09-04 23:58:05 UTC | 341 | IN | HTTP/1.1 200 OK
                      Content-Type: application/json; charset=UTF-8
                      Vary: Origin
                      Vary: X-Origin
                      Vary: Referer
                      Date: Wed, 04 Sep 2024 23:58:05 GMT
                      Server: ESF
                      Content-Length: 483
                      X-XSS-Protection: 0
                      X-Frame-Options: SAMEORIGIN
                      X-Content-Type-Options: nosniff
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Connection: close


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      21 | 192.168.2.4 | 61476 | 52.165.165.26 | 443 | |
                      Timestamp | Bytes transferred | Direction | Data
                      2024-09-04 23:58:10 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=VS9nhum5WpCXfS4&MD=GPPX+CVv HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                      Host: slscr.update.microsoft.com
                      2024-09-04 23:58:10 UTC | 560 | IN | HTTP/1.1 200 OK
                      Cache-Control: no-cache
                      Pragma: no-cache
                      Content-Type: application/octet-stream
                      Expires: -1
                      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                      ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                      MS-CorrelationId: 65d656ce-1f2c-462f-ad35-b75151daf5f1
                      MS-RequestId: ab46427e-6143-487c-a306-fcddfcbec9b8
                      MS-CV: F2H2QCeuKk6Cp7rt.0
                      X-Microsoft-SLSClientCache: 2880
                      Content-Disposition: attachment; filename=environment.cab
                      X-Content-Type-Options: nosniff
                      Date: Wed, 04 Sep 2024 23:58:10 GMT
                      Connection: close
                      Content-Length: 24490


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      22 | 192.168.2.4 | 61492 | 52.165.165.26 | 443 | |
                      Timestamp | Bytes transferred | Direction | Data
                      2024-09-04 23:58:48 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=VS9nhum5WpCXfS4&MD=GPPX+CVv HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                      Host: slscr.update.microsoft.com
                      2024-09-04 23:58:48 UTC | 560 | IN | HTTP/1.1 200 OK
                      Cache-Control: no-cache
                      Pragma: no-cache
                      Content-Type: application/octet-stream
                      Expires: -1
                      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                      ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                      MS-CorrelationId: 59fb19de-0164-4829-954a-7476f6ca0f99
                      MS-RequestId: 24a9c7e0-5b3d-4a98-b15a-9921ff4ebff2
                      MS-CV: XgC0wgZISUqg6PHc.0
                      X-Microsoft-SLSClientCache: 1440
                      Content-Disposition: attachment; filename=environment.cab
                      X-Content-Type-Options: nosniff
                      Date: Wed, 04 Sep 2024 23:58:48 GMT
                      Connection: close
                      Content-Length: 30005


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      23 | 192.168.2.4 | 61494 | 23.219.161.132 | 443 | 4828 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-09-04 23:58:57 UTC | 442 | OUT | OPTIONS /api/report?cat=bingbusiness HTTP/1.1
                      Host: bzib.nelreports.net
                      Connection: keep-alive
                      Origin: https://business.bing.com
                      Access-Control-Request-Method: POST
                      Access-Control-Request-Headers: content-type
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      2024-09-04 23:58:58 UTC | 332 | IN | HTTP/1.1 429 Too Many Requests
                      Content-Length: 0
                      Date: Wed, 04 Sep 2024 23:58:57 GMT
                      Connection: close
                      PMUSER_FORMAT_QS:
                      X-CDN-TraceId: 0.84112317.1725494337.102ba7ac
                      Access-Control-Allow-Credentials: false
                      Access-Control-Allow-Methods: *
                      Access-Control-Allow-Methods: GET, OPTIONS, POST
                      Access-Control-Allow-Origin: *


                      Target ID:0
                      Start time:19:57:50
                      Start date:04/09/2024
                      Path:C:\Users\user\Desktop\file.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\Desktop\file.exe"
                      Imagebase:0x4d0000
                      File size:917'504 bytes
                      MD5 hash:DEFD39769340947B16036D0CE301EACD
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      Target ID:1
                      Start time:19:57:51
                      Start date:04/09/2024
                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                      Imagebase:0x7ff67dcd0000
                      File size:4'210'216 bytes
                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:true

                      Target ID:2
                      Start time:19:57:51
                      Start date:04/09/2024
                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                      Imagebase:0x7ff6bf500000
                      File size:676'768 bytes
                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      Target ID:4
                      Start time:19:57:51
                      Start date:04/09/2024
                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
                      Imagebase:0x7ff6bf500000
                      File size:676'768 bytes
                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      Target ID:5
                      Start time:19:57:51
                      Start date:04/09/2024
                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                      Imagebase:0x7ff6bf500000
                      File size:676'768 bytes
                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:false

                      Target ID:6
                      Start time:19:57:51
                      Start date:04/09/2024
                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1976,i,14014795037876426024,10836823907015113574,262144 /prefetch:3
                      Imagebase:0x7ff67dcd0000
                      File size:4'210'216 bytes
                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:true

                      Target ID:7
                      Start time:19:57:51
                      Start date:04/09/2024
                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                      Imagebase:0x7ff67dcd0000
                      File size:4'210'216 bytes
                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:false

                      Target ID:8
                      Start time:19:57:53
                      Start date:04/09/2024
                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3996 --field-trial-handle=3772,i,9797526551617955051,17894513503889798475,262144 /prefetch:3
                      Imagebase:0x7ff67dcd0000
                      File size:4'210'216 bytes
                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:false

                      Target ID:10
                      Start time:19:57:56
                      Start date:04/09/2024
                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6364 --field-trial-handle=3772,i,9797526551617955051,17894513503889798475,262144 /prefetch:8
                      Imagebase:0x7ff67dcd0000
                      File size:4'210'216 bytes
                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:true

                      Target ID:11
                      Start time:19:57:56
                      Start date:04/09/2024
                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6440 --field-trial-handle=3772,i,9797526551617955051,17894513503889798475,262144 /prefetch:8
                      Imagebase:0x7ff67dcd0000
                      File size:4'210'216 bytes
                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:true

                      Target ID:13
                      Start time:19:57:57
                      Start date:04/09/2024
                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2312 -parentBuildID 20230927232528 -prefsHandle 2256 -prefMapHandle 2248 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1c8e9b1-f66c-434b-8c3c-c115c545f02b} 7888 "\\.\pipe\gecko-crash-server-pipe.7888" 18ba2a6e510 socket
                      Imagebase:0x7ff6bf500000
                      File size:676'768 bytes
                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:false

                      Target ID:14
                      Start time:19:57:58
                      Start date:04/09/2024
                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6972 --field-trial-handle=3772,i,9797526551617955051,17894513503889798475,262144 /prefetch:8
                      Imagebase:0x7ff75c1d0000
                      File size:1'255'976 bytes
                      MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:true

                      Target ID:15
                      Start time:19:57:58
                      Start date:04/09/2024
                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6972 --field-trial-handle=3772,i,9797526551617955051,17894513503889798475,262144 /prefetch:8
                      Imagebase:0x7ff75c1d0000
                      File size:1'255'976 bytes
                      MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Has exited:true

                      Target ID:16
                      Start time:19:58:00
                      Start date:04/09/2024
                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4296 -parentBuildID 20230927232528 -prefsHandle 3864 -prefMapHandle 4288 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4abacea7-2677-4079-adfd-c5f883d9b5e1} 7888 "\\.\pipe\gecko-crash-server-pipe.7888" 18bb4bdf610 rdd
                      Imagebase:0x7ff6bf500000
                      File size:676'768 bytes
                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Has exited:false

                      Target ID:18
                      Start time:19:58:10
                      Start date:04/09/2024
                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                      Imagebase:0x7ff67dcd0000
                      File size:4'210'216 bytes
                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Has exited:true

                      Target ID:19
                      Start time:19:58:10
                      Start date:04/09/2024
                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=2096,i,1085199010807938002,11552670726685906532,262144 /prefetch:3
                      Imagebase:0x7ff67dcd0000
                      File size:4'210'216 bytes
                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Has exited:true

                      Target ID:22
                      Start time:19:58:18
                      Start date:04/09/2024
                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                      Imagebase:0x7ff67dcd0000
                      File size:4'210'216 bytes
                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Has exited:true

                      Target ID:23
                      Start time:19:58:18
                      Start date:04/09/2024
                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2300 --field-trial-handle=2024,i,17758655322861619230,17304176494538820635,262144 /prefetch:3
                      Imagebase:0x7ff67dcd0000
                      File size:4'210'216 bytes
                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Has exited:true

                      Target ID:24
                      Start time:19:58:52
                      Start date:04/09/2024
                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6724 --field-trial-handle=3772,i,9797526551617955051,17894513503889798475,262144 /prefetch:8
                      Imagebase:0x7ff67dcd0000
                      File size:4'210'216 bytes
                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Has exited:false


                        Execution Graph

                        Execution Coverage:1.8%
                        Dynamic/Decrypted Code Coverage:0%
                        Signature Coverage:7.2%
                        Total number of Nodes:1385
                        Total number of Limit Nodes:63
4fd976 94998->94999 95000 4fd961 94998->95000 94999->94981 95025 4ff2d9 20 API calls _free 95000->95025 95002 4fd966 95026 5027ec 26 API calls _abort 95002->95026 95004 4fd971 95004->94981 95006 508653 95005->95006 95007 50863e 95005->95007 95009 50868e 95006->95009 95014 50867a 95006->95014 95030 4ff2c6 20 API calls _free 95007->95030 95032 4ff2c6 20 API calls _free 95009->95032 95010 508643 95031 4ff2d9 20 API calls _free 95010->95031 95012 508693 95033 4ff2d9 20 API calls _free 95012->95033 95027 508607 95014->95027 95017 50869b 95034 5027ec 26 API calls _abort 95017->95034 95018 4fe64c 95018->94976 95022 5029c8 20 API calls _free 95018->95022 95020->94973 95021->94976 95022->94976 95023->94993 95024->94996 95025->95002 95026->95004 95035 508585 95027->95035 95029 50862b 95029->95018 95030->95010 95031->95018 95032->95012 95033->95017 95034->95018 95036 508591 ___DestructExceptionObject 95035->95036 95046 505147 EnterCriticalSection 95036->95046 95038 50859f 95039 5085d1 95038->95039 95040 5085c6 95038->95040 95062 4ff2d9 20 API calls _free 95039->95062 95047 5086ae 95040->95047 95043 5085cc 95063 5085fb LeaveCriticalSection __wsopen_s 95043->95063 95045 5085ee __wsopen_s 95045->95029 95046->95038 95064 5053c4 95047->95064 95049 5086c4 95077 505333 21 API calls 3 library calls 95049->95077 95051 5086be 95051->95049 95053 5053c4 __wsopen_s 26 API calls 95051->95053 95061 5086f6 95051->95061 95052 50871c 95060 50873e 95052->95060 95078 4ff2a3 20 API calls 2 library calls 95052->95078 95056 5086ed 95053->95056 95054 5053c4 __wsopen_s 26 API calls 95055 508702 FindCloseChangeNotification 95054->95055 95055->95049 95057 50870e GetLastError 95055->95057 95059 5053c4 __wsopen_s 26 API calls 95056->95059 95057->95049 95059->95061 95060->95043 95061->95049 95061->95054 95062->95043 95063->95045 95065 5053d1 95064->95065 95066 5053e6 95064->95066 95067 4ff2c6 __dosmaperr 20 API calls 95065->95067 95069 4ff2c6 __dosmaperr 20 API calls 95066->95069 95071 50540b 95066->95071 
95068 5053d6 95067->95068 95070 4ff2d9 _free 20 API calls 95068->95070 95072 505416 95069->95072 95073 5053de 95070->95073 95071->95051 95074 4ff2d9 _free 20 API calls 95072->95074 95073->95051 95075 50541e 95074->95075 95076 5027ec _abort 26 API calls 95075->95076 95076->95073 95077->95052 95078->95060 95079 508402 95084 5081be 95079->95084 95082 50842a 95085 5081ef try_get_first_available_module 95084->95085 95092 508338 95085->95092 95099 4f8e0b 40 API calls 2 library calls 95085->95099 95087 5083ee 95103 5027ec 26 API calls _abort 95087->95103 95089 508343 95089->95082 95096 510984 95089->95096 95091 50838c 95091->95092 95100 4f8e0b 40 API calls 2 library calls 95091->95100 95092->95089 95102 4ff2d9 20 API calls _free 95092->95102 95094 5083ab 95094->95092 95101 4f8e0b 40 API calls 2 library calls 95094->95101 95104 510081 95096->95104 95098 51099f 95098->95082 95099->95091 95100->95094 95101->95092 95102->95087 95103->95089 95107 51008d ___DestructExceptionObject 95104->95107 95105 51009b 95161 4ff2d9 20 API calls _free 95105->95161 95107->95105 95109 5100d4 95107->95109 95108 5100a0 95162 5027ec 26 API calls _abort 95108->95162 95115 51065b 95109->95115 95114 5100aa __wsopen_s 95114->95098 95116 510678 95115->95116 95117 5106a6 95116->95117 95118 51068d 95116->95118 95164 505221 95117->95164 95178 4ff2c6 20 API calls _free 95118->95178 95121 5106ab 95122 5106b4 95121->95122 95123 5106cb 95121->95123 95180 4ff2c6 20 API calls _free 95122->95180 95177 51039a CreateFileW 95123->95177 95127 5106b9 95181 4ff2d9 20 API calls _free 95127->95181 95129 510781 GetFileType 95131 5107d3 95129->95131 95132 51078c GetLastError 95129->95132 95130 510756 GetLastError 95183 4ff2a3 20 API calls 2 library calls 95130->95183 95186 50516a 21 API calls 3 library calls 95131->95186 95184 4ff2a3 20 API calls 2 library calls 95132->95184 95133 510704 95133->95129 95133->95130 95182 51039a CreateFileW 95133->95182 95136 51079a CloseHandle 95138 510692 95136->95138 95139 5107c3 
95136->95139 95179 4ff2d9 20 API calls _free 95138->95179 95185 4ff2d9 20 API calls _free 95139->95185 95141 510749 95141->95129 95141->95130 95143 5107f4 95145 510840 95143->95145 95187 5105ab 72 API calls 4 library calls 95143->95187 95144 5107c8 95144->95138 95149 51086d 95145->95149 95188 51014d 72 API calls 4 library calls 95145->95188 95148 510866 95148->95149 95150 51087e 95148->95150 95151 5086ae __wsopen_s 29 API calls 95149->95151 95152 5100f8 95150->95152 95153 5108fc CloseHandle 95150->95153 95151->95152 95163 510121 LeaveCriticalSection __wsopen_s 95152->95163 95189 51039a CreateFileW 95153->95189 95155 510927 95156 510931 GetLastError 95155->95156 95157 51095d 95155->95157 95190 4ff2a3 20 API calls 2 library calls 95156->95190 95157->95152 95159 51093d 95191 505333 21 API calls 3 library calls 95159->95191 95161->95108 95162->95114 95163->95114 95165 50522d ___DestructExceptionObject 95164->95165 95192 502f5e EnterCriticalSection 95165->95192 95167 505259 95196 505000 95167->95196 95168 505234 95168->95167 95173 5052c7 EnterCriticalSection 95168->95173 95176 50527b 95168->95176 95171 5052a4 __wsopen_s 95171->95121 95174 5052d4 LeaveCriticalSection 95173->95174 95173->95176 95174->95168 95193 50532a 95176->95193 95177->95133 95178->95138 95179->95152 95180->95127 95181->95138 95182->95141 95183->95138 95184->95136 95185->95144 95186->95143 95187->95145 95188->95148 95189->95155 95190->95159 95191->95157 95192->95168 95204 502fa6 LeaveCriticalSection 95193->95204 95195 505331 95195->95171 95197 504c7d _free 20 API calls 95196->95197 95198 505012 95197->95198 95202 50501f 95198->95202 95205 503405 11 API calls 2 library calls 95198->95205 95201 505071 95201->95176 95203 505147 EnterCriticalSection 95201->95203 95206 5029c8 20 API calls _free 95202->95206 95203->95176 95204->95195 95205->95198 95206->95201 95207 522a00 95221 4dd7b0 messages 95207->95221 95208 4ddb11 PeekMessageW 95208->95221 95209 4dd807 GetInputState 95209->95208 95209->95221 95211 
521cbe TranslateAcceleratorW 95211->95221 95212 4dda04 timeGetTime 95212->95221 95213 4ddb8f PeekMessageW 95213->95221 95214 4ddb73 TranslateMessage DispatchMessageW 95214->95213 95215 4ddbaf Sleep 95232 4ddbc0 95215->95232 95216 522b74 Sleep 95216->95232 95217 4ee551 timeGetTime 95217->95232 95218 521dda timeGetTime 95302 4ee300 23 API calls 95218->95302 95221->95208 95221->95209 95221->95211 95221->95212 95221->95213 95221->95214 95221->95215 95221->95216 95221->95218 95228 4dd9d5 95221->95228 95235 4dec40 185 API calls 95221->95235 95237 4dbf40 185 API calls 95221->95237 95239 4ddd50 95221->95239 95246 4e1310 95221->95246 95300 4ddfd0 185 API calls 3 library calls 95221->95300 95301 4eedf6 IsDialogMessageW GetClassLongW 95221->95301 95303 543a2a 23 API calls 95221->95303 95304 54359c 82 API calls __wsopen_s 95221->95304 95222 522c0b GetExitCodeProcess 95223 522c21 WaitForSingleObject 95222->95223 95224 522c37 CloseHandle 95222->95224 95223->95221 95223->95224 95224->95232 95225 522a31 95225->95228 95226 5629bf GetForegroundWindow 95226->95232 95229 522ca9 Sleep 95229->95221 95232->95217 95232->95221 95232->95222 95232->95225 95232->95226 95232->95228 95232->95229 95305 555658 23 API calls 95232->95305 95306 53e97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 95232->95306 95307 53d4dc CreateToolhelp32Snapshot Process32FirstW 95232->95307 95235->95221 95237->95221 95240 4ddd6f 95239->95240 95241 4ddd83 95239->95241 95317 4dd260 95240->95317 95349 54359c 82 API calls __wsopen_s 95241->95349 95243 4ddd7a 95243->95221 95245 522f75 95245->95245 95247 4e1376 95246->95247 95248 4e17b0 95246->95248 95250 526331 95247->95250 95251 4e1390 95247->95251 95371 4f0242 5 API calls __Init_thread_wait 95248->95371 95382 55709c 185 API calls 95250->95382 95254 4e1940 9 API calls 95251->95254 95253 4e17ba 95256 4e17fb 95253->95256 95372 4d9cb3 95253->95372 95257 4e13a0 95254->95257 95255 52633d 95255->95221 95261 526346 95256->95261 95263 
4e182c 95256->95263 95259 4e1940 9 API calls 95257->95259 95260 4e13b6 95259->95260 95260->95256 95262 4e13ec 95260->95262 95383 54359c 82 API calls __wsopen_s 95261->95383 95262->95261 95286 4e1408 __fread_nolock 95262->95286 95379 4daceb 23 API calls messages 95263->95379 95266 4e1839 95380 4ed217 185 API calls 95266->95380 95267 4e17d4 95378 4f01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95267->95378 95270 52636e 95384 54359c 82 API calls __wsopen_s 95270->95384 95271 4e152f 95273 4e153c 95271->95273 95274 5263d1 95271->95274 95276 4e1940 9 API calls 95273->95276 95386 555745 54 API calls _wcslen 95274->95386 95278 4e1549 95276->95278 95277 4efddb 22 API calls 95277->95286 95279 5264fa 95278->95279 95282 4e1940 9 API calls 95278->95282 95290 526369 95279->95290 95388 54359c 82 API calls __wsopen_s 95279->95388 95280 4e1872 95381 4efaeb 23 API calls 95280->95381 95281 4efe0b 22 API calls 95281->95286 95288 4e1563 95282->95288 95285 4dec40 185 API calls 95285->95286 95286->95266 95286->95270 95286->95271 95286->95277 95286->95281 95286->95285 95287 5263b2 95286->95287 95286->95290 95385 54359c 82 API calls __wsopen_s 95287->95385 95288->95279 95293 4e15c7 messages 95288->95293 95387 4da8c7 22 API calls __fread_nolock 95288->95387 95290->95221 95292 4e1940 9 API calls 95292->95293 95293->95279 95293->95280 95293->95290 95293->95292 95295 4e167b messages 95293->95295 95357 55ac5b 95293->95357 95360 545c5a 95293->95360 95365 55a2ea 95293->95365 95294 4e171d 95294->95221 95295->95294 95370 4ece17 22 API calls messages 95295->95370 95300->95221 95301->95221 95302->95221 95303->95221 95304->95221 95305->95232 95306->95232 95453 53def7 95307->95453 95309 53d5db FindCloseChangeNotification 95309->95232 95310 53d529 Process32NextW 95310->95309 95316 53d522 95310->95316 95311 4da961 22 API calls 95311->95316 95312 4d9cb3 22 API calls 95312->95316 95316->95309 95316->95310 95316->95311 95316->95312 95459 4d525f 22 API calls 95316->95459 95460 4d6350 22 
API calls 95316->95460 95461 4ece60 41 API calls 95316->95461 95318 4dec40 185 API calls 95317->95318 95337 4dd29d 95318->95337 95319 521bc4 95356 54359c 82 API calls __wsopen_s 95319->95356 95321 4dd30b messages 95321->95243 95322 4dd3c3 95323 4dd3ce 95322->95323 95324 4dd6d5 95322->95324 95326 4efddb 22 API calls 95323->95326 95324->95321 95333 4efe0b 22 API calls 95324->95333 95325 4dd5ff 95327 521bb5 95325->95327 95328 4dd614 95325->95328 95338 4dd3d5 __fread_nolock 95326->95338 95355 555705 23 API calls 95327->95355 95331 4efddb 22 API calls 95328->95331 95329 4dd4b8 95334 4efe0b 22 API calls 95329->95334 95341 4dd46a 95331->95341 95332 4efddb 22 API calls 95332->95337 95333->95338 95344 4dd429 __fread_nolock messages 95334->95344 95335 4efddb 22 API calls 95336 4dd3f6 95335->95336 95336->95344 95350 4dbec0 185 API calls 95336->95350 95337->95319 95337->95321 95337->95322 95337->95324 95337->95329 95337->95332 95337->95344 95338->95335 95338->95336 95340 521ba4 95354 54359c 82 API calls __wsopen_s 95340->95354 95341->95243 95344->95325 95344->95340 95344->95341 95345 521b7f 95344->95345 95347 521b5d 95344->95347 95351 4d1f6f 185 API calls 95344->95351 95353 54359c 82 API calls __wsopen_s 95345->95353 95352 54359c 82 API calls __wsopen_s 95347->95352 95349->95245 95350->95344 95351->95344 95352->95341 95353->95341 95354->95341 95355->95319 95356->95321 95389 55ad64 95357->95389 95359 55ac6f 95359->95293 95361 4d7510 53 API calls 95360->95361 95362 545c6d 95361->95362 95448 53dbbe lstrlenW 95362->95448 95364 545c77 95364->95293 95366 4d7510 53 API calls 95365->95366 95367 55a306 95366->95367 95368 53d4dc 47 API calls 95367->95368 95369 55a315 95368->95369 95369->95293 95370->95295 95371->95253 95373 4d9cc2 _wcslen 95372->95373 95374 4efe0b 22 API calls 95373->95374 95375 4d9cea __fread_nolock 95374->95375 95376 4efddb 22 API calls 95375->95376 95377 4d9d00 95376->95377 95377->95267 95378->95256 95379->95266 95380->95280 95381->95280 95382->95255 95383->95290 
95384->95290 95385->95290 95386->95288 95387->95293 95388->95290 95390 4da961 22 API calls 95389->95390 95392 55ad77 ___scrt_fastfail 95390->95392 95391 55adce 95394 55adee 95391->95394 95397 4d7510 53 API calls 95391->95397 95392->95391 95393 4d7510 53 API calls 95392->95393 95396 55adab 95393->95396 95395 55ae3a 95394->95395 95398 4d7510 53 API calls 95394->95398 95401 55ae4d ___scrt_fastfail 95395->95401 95443 4db567 39 API calls 95395->95443 95396->95391 95400 4d7510 53 API calls 95396->95400 95399 55ade4 95397->95399 95408 55ae04 95398->95408 95441 4d7620 22 API calls _wcslen 95399->95441 95403 55adc4 95400->95403 95417 4d7510 95401->95417 95440 4d7620 22 API calls _wcslen 95403->95440 95408->95395 95409 4d7510 53 API calls 95408->95409 95410 55ae28 95409->95410 95410->95395 95442 4da8c7 22 API calls __fread_nolock 95410->95442 95411 55aeb0 95413 55aec8 95411->95413 95414 55af35 GetProcessId 95411->95414 95413->95359 95415 55af48 95414->95415 95416 55af58 CloseHandle 95415->95416 95416->95413 95418 4d7525 95417->95418 95419 4d7522 ShellExecuteExW 95417->95419 95420 4d752d 95418->95420 95421 4d755b 95418->95421 95419->95411 95444 4f51c6 26 API calls 95420->95444 95422 5150f6 95421->95422 95424 4d756d 95421->95424 95431 51500f 95421->95431 95447 4f5183 26 API calls 95422->95447 95445 4efb21 51 API calls 95424->95445 95425 4d753d 95430 4efddb 22 API calls 95425->95430 95427 51510e 95427->95427 95432 4d7547 95430->95432 95434 4efe0b 22 API calls 95431->95434 95439 515088 95431->95439 95433 4d9cb3 22 API calls 95432->95433 95433->95419 95435 515058 95434->95435 95436 4efddb 22 API calls 95435->95436 95437 51507f 95436->95437 95438 4d9cb3 22 API calls 95437->95438 95438->95439 95446 4efb21 51 API calls 95439->95446 95440->95391 95441->95394 95442->95395 95443->95401 95444->95425 95445->95425 95446->95422 95447->95427 95449 53dc06 95448->95449 95450 53dbdc GetFileAttributesW 95448->95450 95449->95364 95450->95449 95451 53dbe8 FindFirstFileW 95450->95451 95451->95449 
95452 53dbf9 FindClose 95451->95452 95452->95449 95457 53df02 95453->95457 95454 53df19 95463 4f62fb 39 API calls 95454->95463 95457->95454 95458 53df1f 95457->95458 95462 4f63b2 GetStringTypeW _strftime 95457->95462 95458->95316 95459->95316 95460->95316 95461->95316 95462->95457 95463->95458 95464 4df7bf 95465 4dfcb6 95464->95465 95466 4df7d3 95464->95466 95501 4daceb 23 API calls messages 95465->95501 95468 4dfcc2 95466->95468 95469 4efddb 22 API calls 95466->95469 95502 4daceb 23 API calls messages 95468->95502 95471 4df7e5 95469->95471 95471->95468 95472 4df83e 95471->95472 95473 4dfd3d 95471->95473 95475 4e1310 185 API calls 95472->95475 95496 4ded9d messages 95472->95496 95503 541155 22 API calls 95473->95503 95495 4dec76 messages 95475->95495 95477 4dfef7 95477->95496 95505 4da8c7 22 API calls __fread_nolock 95477->95505 95479 4efddb 22 API calls 95479->95495 95480 4da8c7 22 API calls 95480->95495 95481 524600 95481->95496 95504 4da8c7 22 API calls __fread_nolock 95481->95504 95482 524b0b 95507 54359c 82 API calls __wsopen_s 95482->95507 95488 4dfbe3 95490 524bdc 95488->95490 95488->95496 95497 4df3ae messages 95488->95497 95489 4da961 22 API calls 95489->95495 95508 54359c 82 API calls __wsopen_s 95490->95508 95491 4f00a3 29 API calls pre_c_initialization 95491->95495 95493 4f0242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 95493->95495 95494 524beb 95509 54359c 82 API calls __wsopen_s 95494->95509 95495->95477 95495->95479 95495->95480 95495->95481 95495->95482 95495->95488 95495->95489 95495->95491 95495->95493 95495->95494 95495->95496 95495->95497 95498 4f01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 95495->95498 95499 4e01e0 185 API calls 2 library calls 95495->95499 95500 4e06a0 41 API calls messages 95495->95500 95497->95496 95506 54359c 82 API calls __wsopen_s 95497->95506 95498->95495 95499->95495 95500->95495 95501->95468 95502->95473 
95503->95496 95504->95496 95505->95496 95506->95496 95507->95496 95508->95494 95509->95496 95510 512402 95513 4d1410 95510->95513 95514 4d144f mciSendStringW 95513->95514 95515 5124b8 DestroyWindow 95513->95515 95516 4d146b 95514->95516 95517 4d16c6 95514->95517 95528 5124c4 95515->95528 95519 4d1479 95516->95519 95516->95528 95517->95516 95518 4d16d5 UnregisterHotKey 95517->95518 95518->95517 95546 4d182e 95519->95546 95522 512509 95527 51252d 95522->95527 95529 51251c FreeLibrary 95522->95529 95523 5124e2 FindClose 95523->95528 95524 5124d8 95524->95528 95552 4d6246 CloseHandle 95524->95552 95525 4d148e 95525->95527 95534 4d149c 95525->95534 95530 512541 VirtualFree 95527->95530 95537 4d1509 95527->95537 95528->95522 95528->95523 95528->95524 95529->95522 95530->95527 95531 4d14f8 OleUninitialize 95531->95537 95532 512589 95539 512598 messages 95532->95539 95553 5432eb 6 API calls messages 95532->95553 95533 4d1514 95536 4d1524 95533->95536 95534->95531 95550 4d1944 VirtualFreeEx CloseHandle 95536->95550 95537->95532 95537->95533 95542 512627 95539->95542 95554 5364d4 22 API calls messages 95539->95554 95541 4d153a 95541->95539 95543 4d161f 95541->95543 95542->95542 95543->95542 95551 4d1876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject 95543->95551 95545 4d16c1 95548 4d183b 95546->95548 95547 4d1480 95547->95522 95547->95525 95548->95547 95555 53702a 22 API calls 95548->95555 95550->95541 95551->95545 95552->95524 95553->95532 95554->95539 95555->95548 95556 4f03fb 95557 4f0407 ___DestructExceptionObject 95556->95557 95585 4efeb1 95557->95585 95559 4f040e 95560 4f0561 95559->95560 95564 4f0438 95559->95564 95615 4f083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 95560->95615 95562 4f0568 95608 4f4e52 95562->95608 95574 4f0477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 95564->95574 95596 50247d 95564->95596 95570 4f0457 95572 4f04d8 95604 
4f0959 95572->95604 95574->95572 95611 4f4e1a 38 API calls 2 library calls 95574->95611 95576 4f04de 95577 4f04f3 95576->95577 95612 4f0992 GetModuleHandleW 95577->95612 95579 4f04fa 95579->95562 95580 4f04fe 95579->95580 95581 4f0507 95580->95581 95613 4f4df5 28 API calls _abort 95580->95613 95614 4f0040 13 API calls 2 library calls 95581->95614 95584 4f050f 95584->95570 95586 4efeba 95585->95586 95617 4f0698 IsProcessorFeaturePresent 95586->95617 95588 4efec6 95618 4f2c94 10 API calls 3 library calls 95588->95618 95590 4efecb 95595 4efecf 95590->95595 95619 502317 95590->95619 95593 4efee6 95593->95559 95595->95559 95598 502494 95596->95598 95597 4f0a8c CatchGuardHandler 5 API calls 95599 4f0451 95597->95599 95598->95597 95599->95570 95600 502421 95599->95600 95603 502450 95600->95603 95601 4f0a8c CatchGuardHandler 5 API calls 95602 502479 95601->95602 95602->95574 95603->95601 95670 4f2340 95604->95670 95607 4f097f 95607->95576 95672 4f4bcf 95608->95672 95611->95572 95612->95579 95613->95581 95614->95584 95615->95562 95617->95588 95618->95590 95623 50d1f6 95619->95623 95622 4f2cbd 8 API calls 3 library calls 95622->95595 95626 50d213 95623->95626 95627 50d20f 95623->95627 95625 4efed8 95625->95593 95625->95622 95626->95627 95629 504bfb 95626->95629 95641 4f0a8c 95627->95641 95630 504c07 ___DestructExceptionObject 95629->95630 95648 502f5e EnterCriticalSection 95630->95648 95632 504c0e 95649 5050af 95632->95649 95634 504c2c 95664 504c48 LeaveCriticalSection _abort 95634->95664 95635 504c1d 95635->95634 95662 504a8f 29 API calls 95635->95662 95638 504c27 95663 504b45 GetStdHandle GetFileType 95638->95663 95639 504c3d __wsopen_s 95639->95626 95642 4f0a97 IsProcessorFeaturePresent 95641->95642 95643 4f0a95 95641->95643 95645 4f0c5d 95642->95645 95643->95625 95669 4f0c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 95645->95669 95647 4f0d40 95647->95625 95648->95632 95650 5050bb ___DestructExceptionObject 95649->95650 95651 
5050c8 95650->95651 95652 5050df 95650->95652 95666 4ff2d9 20 API calls _free 95651->95666 95665 502f5e EnterCriticalSection 95652->95665 95655 5050cd 95667 5027ec 26 API calls _abort 95655->95667 95657 505117 95668 50513e LeaveCriticalSection _abort 95657->95668 95658 5050d7 __wsopen_s 95658->95635 95659 5050eb 95659->95657 95661 505000 __wsopen_s 21 API calls 95659->95661 95661->95659 95662->95638 95663->95634 95664->95639 95665->95659 95666->95655 95667->95658 95668->95658 95669->95647 95671 4f096c GetStartupInfoW 95670->95671 95671->95607 95673 4f4bdb _abort 95672->95673 95674 4f4bf4 95673->95674 95675 4f4be2 95673->95675 95696 502f5e EnterCriticalSection 95674->95696 95711 4f4d29 GetModuleHandleW 95675->95711 95678 4f4be7 95678->95674 95712 4f4d6d GetModuleHandleExW 95678->95712 95679 4f4c99 95700 4f4cd9 95679->95700 95682 4f4bfb 95682->95679 95684 4f4c70 95682->95684 95697 5021a8 95682->95697 95688 4f4c88 95684->95688 95693 502421 _abort 5 API calls 95684->95693 95686 4f4cb6 95703 4f4ce8 95686->95703 95687 4f4ce2 95720 511d29 5 API calls CatchGuardHandler 95687->95720 95689 502421 _abort 5 API calls 95688->95689 95689->95679 95693->95688 95696->95682 95721 501ee1 95697->95721 95741 502fa6 LeaveCriticalSection 95700->95741 95702 4f4cb2 95702->95686 95702->95687 95742 50360c 95703->95742 95706 4f4d16 95709 4f4d6d _abort 8 API calls 95706->95709 95707 4f4cf6 GetPEB 95707->95706 95708 4f4d06 GetCurrentProcess TerminateProcess 95707->95708 95708->95706 95710 4f4d1e ExitProcess 95709->95710 95711->95678 95713 4f4dba 95712->95713 95714 4f4d97 GetProcAddress 95712->95714 95715 4f4dc9 95713->95715 95716 4f4dc0 FreeLibrary 95713->95716 95717 4f4dac 95714->95717 95718 4f0a8c CatchGuardHandler 5 API calls 95715->95718 95716->95715 95717->95713 95719 4f4bf3 95718->95719 95719->95674 95724 501e90 95721->95724 95723 501f05 95723->95684 95725 501e9c ___DestructExceptionObject 95724->95725 95732 502f5e EnterCriticalSection 95725->95732 95727 501eaa 95733 501f31 95727->95733 
95731 501ec8 __wsopen_s 95731->95723 95732->95727 95734 501f51 95733->95734 95737 501f59 95733->95737 95735 4f0a8c CatchGuardHandler 5 API calls 95734->95735 95736 501eb7 95735->95736 95739 501ed5 LeaveCriticalSection _abort 95736->95739 95737->95734 95740 5029c8 20 API calls _free 95737->95740 95739->95731 95740->95734 95741->95702 95743 503631 95742->95743 95744 503627 95742->95744 95749 502fd7 5 API calls 2 library calls 95743->95749 95746 4f0a8c CatchGuardHandler 5 API calls 95744->95746 95747 4f4cf2 95746->95747 95747->95706 95747->95707 95748 503648 95748->95744 95749->95748 95750 512ba5 95751 4d2b25 95750->95751 95752 512baf 95750->95752 95778 4d2b83 7 API calls 95751->95778 95796 4d3a5a 95752->95796 95756 512bb8 95758 4d9cb3 22 API calls 95756->95758 95760 512bc6 95758->95760 95759 4d2b2f 95761 4d2b44 95759->95761 95782 4d3837 95759->95782 95762 512bf5 95760->95762 95763 512bce 95760->95763 95770 4d2b5f 95761->95770 95792 4d30f2 95761->95792 95764 4d33c6 22 API calls 95762->95764 95803 4d33c6 95763->95803 95777 512bf1 GetForegroundWindow ShellExecuteW 95764->95777 95774 4d2b66 SetCurrentDirectoryW 95770->95774 95772 512c26 95772->95770 95773 512be7 95775 4d33c6 22 API calls 95773->95775 95776 4d2b7a 95774->95776 95775->95777 95777->95772 95813 4d2cd4 7 API calls 95778->95813 95780 4d2b2a 95781 4d2c63 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 95780->95781 95781->95759 95783 4d3862 ___scrt_fastfail 95782->95783 95814 4d4212 95783->95814 95786 4d38e8 95788 513386 Shell_NotifyIconW 95786->95788 95789 4d3906 Shell_NotifyIconW 95786->95789 95818 4d3923 95789->95818 95791 4d391c 95791->95761 95793 4d3154 95792->95793 95794 4d3104 ___scrt_fastfail 95792->95794 95793->95770 95795 4d3123 Shell_NotifyIconW 95794->95795 95795->95793 95797 511f50 __wsopen_s 95796->95797 95798 4d3a67 GetModuleFileNameW 95797->95798 95799 4d9cb3 22 API calls 95798->95799 95800 4d3a8d 95799->95800 95801 4d3aa2 23 API calls 95800->95801 95802 4d3a97 95801->95802 95802->95756 
95804 4d33dd 95803->95804 95805 5130bb 95803->95805 95849 4d33ee 95804->95849 95807 4efddb 22 API calls 95805->95807 95809 5130c5 _wcslen 95807->95809 95808 4d33e8 95812 4d6350 22 API calls 95808->95812 95810 4efe0b 22 API calls 95809->95810 95811 5130fe __fread_nolock 95810->95811 95812->95773 95813->95780 95815 5135a4 95814->95815 95816 4d38b7 95814->95816 95815->95816 95817 5135ad DestroyIcon 95815->95817 95816->95786 95840 53c874 42 API calls _strftime 95816->95840 95817->95816 95819 4d393f 95818->95819 95838 4d3a13 95818->95838 95841 4d6270 95819->95841 95822 513393 LoadStringW 95826 5133ad 95822->95826 95823 4d395a 95824 4d6b57 22 API calls 95823->95824 95825 4d396f 95824->95825 95827 4d397c 95825->95827 95828 5133c9 95825->95828 95833 4d3994 ___scrt_fastfail 95826->95833 95847 4da8c7 22 API calls __fread_nolock 95826->95847 95827->95826 95830 4d3986 95827->95830 95848 4d6350 22 API calls 95828->95848 95846 4d6350 22 API calls 95830->95846 95836 4d39f9 Shell_NotifyIconW 95833->95836 95834 5133d7 95834->95833 95835 4d33c6 22 API calls 95834->95835 95837 5133f9 95835->95837 95836->95838 95839 4d33c6 22 API calls 95837->95839 95838->95791 95839->95833 95840->95786 95842 4efe0b 22 API calls 95841->95842 95843 4d6295 95842->95843 95844 4efddb 22 API calls 95843->95844 95845 4d394d 95844->95845 95845->95822 95845->95823 95846->95833 95847->95833 95848->95834 95850 4d33fe _wcslen 95849->95850 95851 51311d 95850->95851 95852 4d3411 95850->95852 95854 4efddb 22 API calls 95851->95854 95859 4da587 95852->95859 95856 513127 95854->95856 95855 4d341e __fread_nolock 95855->95808 95857 4efe0b 22 API calls 95856->95857 95858 513157 __fread_nolock 95857->95858 95861 4da59d 95859->95861 95863 4da598 __fread_nolock 95859->95863 95860 51f80f 95861->95860 95862 4efe0b 22 API calls 95861->95862 95862->95863 95863->95855 95864 4d1098 95869 4d42de 95864->95869 95868 4d10a7 95870 4da961 22 API calls 95869->95870 95871 4d42f5 GetVersionExW 95870->95871 95872 4d6b57 22 API calls 

                        Control-flow Graph

                        APIs
                        • GetVersionExW.KERNEL32(?), ref: 004D430D
                          • Part of subcall function 004D6B57: _wcslen.LIBCMT ref: 004D6B6A
                        • GetCurrentProcess.KERNEL32(?,0056CB64,00000000,?,?), ref: 004D4422
                        • IsWow64Process.KERNEL32(00000000,?,?), ref: 004D4429
                        • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 004D4454
                        • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 004D4466
                        • GetNativeSystemInfo.KERNEL32(?,?,?), ref: 004D4474
                        • FreeLibrary.KERNEL32(00000000,?,?), ref: 004D447B
                        • GetSystemInfo.KERNEL32(?,?,?), ref: 004D44A0
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                        • String ID: GetNativeSystemInfo$kernel32.dll$|O
                        • API String ID: 3290436268-3101561225
                        • Opcode ID: 2c218a029c973b4d33f9a6678943e9da01adababfa23b2eea23c79d02b019980
                        • Instruction ID: ae47287b9a98ce90bb2e8fa2a61cfabdfca4fa3aa0fa7f48704938a8e2b4d968
                        • Opcode Fuzzy Hash: 2c218a029c973b4d33f9a6678943e9da01adababfa23b2eea23c79d02b019980
                        • Instruction Fuzzy Hash: 48A1AD7190AAD0DBCF11CF6978501A93EE47B77340F184C9BD08197B62D6344A8DEB2E

                        Control-flow Graph

                        APIs
                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,004D50AA,?,?,00000000,00000000), ref: 004D42B2
                        • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,004D50AA,?,?,00000000,00000000), ref: 004D42C9
                        • LoadResource.KERNEL32(?,00000000,?,?,004D50AA,?,?,00000000,00000000,?,?,?,?,?,?,004D4F20), ref: 005135BE
                        • SizeofResource.KERNEL32(?,00000000,?,?,004D50AA,?,?,00000000,00000000,?,?,?,?,?,?,004D4F20), ref: 005135D3
                        • LockResource.KERNEL32(004D50AA,?,?,004D50AA,?,?,00000000,00000000,?,?,?,?,?,?,004D4F20,?), ref: 005135E6
                        Similarity
                        • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                        • String ID: SCRIPT
                        • API String ID: 3051347437-3967369404
                        • Opcode ID: 7be0f9ca5dab0834ec058b3a3163501cc573fda8fd94da663cd185384c7311e5
                        • Instruction ID: 5c1d459cf3d083c1098590bd5fa941bb6e88821fcc9cedb7d7ad40816bfe170a
                        • Opcode Fuzzy Hash: 7be0f9ca5dab0834ec058b3a3163501cc573fda8fd94da663cd185384c7311e5
                        • Instruction Fuzzy Hash: 35117C74200701BFE7218B69DC58F677FBAEBD5B91F1081AAF846D72A0DBB1D8049660

                        Control-flow Graph

                        APIs
                        • SetCurrentDirectoryW.KERNEL32(?), ref: 004D2B6B
                          • Part of subcall function 004D3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,005A1418,?,004D2E7F,?,?,?,00000000), ref: 004D3A78
                          • Part of subcall function 004D9CB3: _wcslen.LIBCMT ref: 004D9CBD
                        • GetForegroundWindow.USER32(runas,?,?,?,?,?,00592224), ref: 00512C10
                        • ShellExecuteW.SHELL32(00000000,?,?,00592224), ref: 00512C17
                        Similarity
                        • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                        • String ID: runas
                        • API String ID: 448630720-4000483414
                        • Opcode ID: 75e3a163b6680b4307d5c1c7f6466a7d11b520ff6b70e9564e768e91d1dfee8e
                        • Instruction ID: 9ccd0fcdefd2c1d5192776870d3dc9d94606f9afd1d02dffa59e553b1c5a3aaa
                        • Opcode Fuzzy Hash: 75e3a163b6680b4307d5c1c7f6466a7d11b520ff6b70e9564e768e91d1dfee8e
                        • Instruction Fuzzy Hash: 6511E7312083015ACB04FF65D9759BE7FA4ABA5749F04041FF082433A2CFA89959D71B

                        Control-flow Graph

                        APIs
                        • CreateToolhelp32Snapshot.KERNEL32 ref: 0053D501
                        • Process32FirstW.KERNEL32(00000000,?), ref: 0053D50F
                        • Process32NextW.KERNEL32(00000000,?), ref: 0053D52F
                        • FindCloseChangeNotification.KERNEL32(00000000), ref: 0053D5DC
                        Similarity
                        • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
                        • String ID:
                        • API String ID: 3243318325-0
                        • Opcode ID: 29e0b92bb44daaf564daa900864ecfb318bca142bde4b5ae0baa5a3b1cbcf4ea
                        • Instruction ID: b343c40fc36b4cfdaacb2dd3688ee650938a3c0df8a58c3ee6566c077dca6014
                        • Opcode Fuzzy Hash: 29e0b92bb44daaf564daa900864ecfb318bca142bde4b5ae0baa5a3b1cbcf4ea
                        • Instruction Fuzzy Hash: FC31A1711083009FD300EF55D895AAFBFF8EF99348F14092EF581832A1EB719948DBA2

                        Control-flow Graph

                        APIs
                        • lstrlenW.KERNEL32(?,00515222), ref: 0053DBCE
                        • GetFileAttributesW.KERNEL32(?), ref: 0053DBDD
                        • FindFirstFileW.KERNEL32(?,?), ref: 0053DBEE
                        • FindClose.KERNEL32(00000000), ref: 0053DBFA
                        Similarity
                        • API ID: FileFind$AttributesCloseFirstlstrlen
                        • String ID:
                        • API String ID: 2695905019-0
                        • Opcode ID: a47b2288c99c2b16c53602fe614679b61739a23a1557bbf4b27d357bc9cc4d4d
                        • Instruction ID: 1cea916c1867b7e73592a15cb4026e5b20ec3f29acad6e7845579e2698ff0653
                        • Opcode Fuzzy Hash: a47b2288c99c2b16c53602fe614679b61739a23a1557bbf4b27d357bc9cc4d4d
                        • Instruction Fuzzy Hash: 9BF0A0708209185782206B7CAC0D8BA7F7CAF52334F104702F8B6C20E0EBF09D58DAA5
                        APIs
                        • GetCurrentProcess.KERNEL32(005028E9,?,004F4CBE,005028E9,005988B8,0000000C,004F4E15,005028E9,00000002,00000000,?,005028E9), ref: 004F4D09
                        • TerminateProcess.KERNEL32(00000000,?,004F4CBE,005028E9,005988B8,0000000C,004F4E15,005028E9,00000002,00000000,?,005028E9), ref: 004F4D10
                        • ExitProcess.KERNEL32 ref: 004F4D22
                        Similarity
                        • API ID: Process$CurrentExitTerminate
                        • String ID:
                        • API String ID: 1703294689-0
                        • Opcode ID: 0c4b922d67c2ba183d2013d5ed21fe3b9d4b3c6dd62487782a5c1c552b4b048e
                        • Instruction ID: 2f7fe48413fd0ebc5ab1999f4bd765ad6a9dab324e744039b8b86d8a78b13ccf
                        • Opcode Fuzzy Hash: 0c4b922d67c2ba183d2013d5ed21fe3b9d4b3c6dd62487782a5c1c552b4b048e
                        • Instruction Fuzzy Hash: 94E04631000148ABCF11AF18DD09A6A3F29FB92781B004418FD448B322CB79DD42DA84
                        Strings
                        Similarity
                        • API ID: BuffCharUpper
                        • String ID: p#Z
                        • API String ID: 3964851224-2661777097
                        • Opcode ID: af1c8694e47e21947c7d24f613472dfd6699e419bb090a35be6d1c9a895037e5
                        • Instruction ID: 95a942006be1a4f0d72e4a2d4f372be72af4e1bd1c6359e0a85387b40256825a
                        • Opcode Fuzzy Hash: af1c8694e47e21947c7d24f613472dfd6699e419bb090a35be6d1c9a895037e5
                        • Instruction Fuzzy Hash: 44A26B706083529FC714DF19C490B2ABBE1BF89304F14896EF89A8B392D775EC45CB96
                        APIs
                        • GetInputState.USER32 ref: 004DD807
                        • timeGetTime.WINMM ref: 004DDA07
                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004DDB28
                        • TranslateMessage.USER32(?), ref: 004DDB7B
                        • DispatchMessageW.USER32(?), ref: 004DDB89
                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004DDB9F
                        • Sleep.KERNEL32(0000000A), ref: 004DDBB1
                        Similarity
                        • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                        • String ID:
                        • API String ID: 2189390790-0
                        • Opcode ID: de7f274ef25bad909fe5512dec64e8bac68be5291b35f267e6f38a751eef9e7a
                        • Instruction ID: 0ef6521f1290aaa35ebe2ad1452a847e721f4f9cc225785ea980d0421b776af5
                        • Opcode Fuzzy Hash: de7f274ef25bad909fe5512dec64e8bac68be5291b35f267e6f38a751eef9e7a
                        • Instruction Fuzzy Hash: 85422470A04341EFD728CF24C8A4B6ABBE0BF56304F14865FE45587391D7B9E848DB8A

                        Control-flow Graph

                        APIs
                        • GetSysColorBrush.USER32(0000000F), ref: 004D2D07
                        • RegisterClassExW.USER32(00000030), ref: 004D2D31
                        • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004D2D42
                        • InitCommonControlsEx.COMCTL32(?), ref: 004D2D5F
                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 004D2D6F
                        • LoadIconW.USER32(000000A9), ref: 004D2D85
                        • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 004D2D94
                        Similarity
                        • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                        • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                        • API String ID: 2914291525-1005189915
                        • Opcode ID: e6798b04b042e3c43e76c3ab64f07f13b69dd2870eb29001d22a1cf0b5b14615
                        • Instruction ID: 3847540129851c84904b7cba706e573d76a4751825f772bd17961319f548bc49
                        • Opcode Fuzzy Hash: e6798b04b042e3c43e76c3ab64f07f13b69dd2870eb29001d22a1cf0b5b14615
                        • Instruction Fuzzy Hash: EA2110B0901318AFDB00DFA8E888BEEBFB4FB18711F00811AF551A72A0D7B10548EF94

                        Control-flow Graph

                        APIs
                          • Part of subcall function 0051039A: CreateFileW.KERNEL32(00000000,00000000,?,00510704,?,?,00000000,?,00510704,00000000,0000000C), ref: 005103B7
                        • GetLastError.KERNEL32 ref: 0051076F
                        • __dosmaperr.LIBCMT ref: 00510776
                        • GetFileType.KERNEL32(00000000), ref: 00510782
                        • GetLastError.KERNEL32 ref: 0051078C
                        • __dosmaperr.LIBCMT ref: 00510795
                        • CloseHandle.KERNEL32(00000000), ref: 005107B5
                        • CloseHandle.KERNEL32(?), ref: 005108FF
                        • GetLastError.KERNEL32 ref: 00510931
                        • __dosmaperr.LIBCMT ref: 00510938
                        Similarity
                        • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                        • String ID: H
                        • API String ID: 4237864984-2852464175
                        • Opcode ID: cd4c44651a61a6044365db334660b647557b94bade506d355b749447703474e4
                        • Instruction ID: 8edb7fbe3d5ee99c4f73ec0f5f4c461068fd42d980006d875e602e01df287231
                        • Opcode Fuzzy Hash: cd4c44651a61a6044365db334660b647557b94bade506d355b749447703474e4
                        • Instruction Fuzzy Hash: 5FA13232A001088FEF19AF68D891BEE3FA0FB46320F14115EF811AB2D1D7719896DB91

                        Control-flow Graph

                        APIs
                          • Part of subcall function 004D3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,005A1418,?,004D2E7F,?,?,?,00000000), ref: 004D3A78
                          • Part of subcall function 004D3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 004D3379
                        • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 004D356A
                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0051318D
                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 005131CE
                        • RegCloseKey.ADVAPI32(?), ref: 00513210
                        • _wcslen.LIBCMT ref: 00513277
                        • _wcslen.LIBCMT ref: 00513286
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                        • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                        • API String ID: 98802146-2727554177
                        • Opcode ID: a025bd291d257286ef532ad5f3ff9b247c007b2bc6a7007a0b7e36d8f9561b59
                        • Instruction ID: 85f034dc4582ec43c0f08781d1adea7283efa11aa78a48b1b3cd417413305512
                        • Opcode Fuzzy Hash: a025bd291d257286ef532ad5f3ff9b247c007b2bc6a7007a0b7e36d8f9561b59
                        • Instruction Fuzzy Hash: 1F7193715043009EC714EF6AEC668ABBBE8FF96744F40082FF54583260EB74994CDB55

                        Control-flow Graph

                        APIs
                        • GetSysColorBrush.USER32(0000000F), ref: 004D2B8E
                        • LoadCursorW.USER32(00000000,00007F00), ref: 004D2B9D
                        • LoadIconW.USER32(00000063), ref: 004D2BB3
                        • LoadIconW.USER32(000000A4), ref: 004D2BC5
                        • LoadIconW.USER32(000000A2), ref: 004D2BD7
                        • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 004D2BEF
                        • RegisterClassExW.USER32(?), ref: 004D2C40
                          • Part of subcall function 004D2CD4: GetSysColorBrush.USER32(0000000F), ref: 004D2D07
                          • Part of subcall function 004D2CD4: RegisterClassExW.USER32(00000030), ref: 004D2D31
                          • Part of subcall function 004D2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004D2D42
                          • Part of subcall function 004D2CD4: InitCommonControlsEx.COMCTL32(?), ref: 004D2D5F
                          • Part of subcall function 004D2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 004D2D6F
                          • Part of subcall function 004D2CD4: LoadIconW.USER32(000000A9), ref: 004D2D85
                          • Part of subcall function 004D2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 004D2D94
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                        • String ID: #$0$AutoIt v3
                        • API String ID: 423443420-4155596026
                        • Opcode ID: 329cc59ebae8d4fab6761d94a932f5d78e134bfbcb593efa0452cacfa16fe65c
                        • Instruction ID: 816cb58a3b2fdcc6f22cbc634e071c90cadc72d5952fc35e589a080ecfdf80f3
                        • Opcode Fuzzy Hash: 329cc59ebae8d4fab6761d94a932f5d78e134bfbcb593efa0452cacfa16fe65c
                        • Instruction Fuzzy Hash: A9213974E00714AFDB109FA9EC55AA97FF4FB19B50F00041BE504A76A0D7B10548EF98

                        Control-flow Graph

                        APIs
                        • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,004D316A,?,?), ref: 004D31D8
                        • KillTimer.USER32(?,00000001,?,?,?,?,?,004D316A,?,?), ref: 004D3204
                        • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 004D3227
                        • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,004D316A,?,?), ref: 004D3232
                        • CreatePopupMenu.USER32 ref: 004D3246
                        • PostQuitMessage.USER32(00000000), ref: 004D3267
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                        • String ID: TaskbarCreated
                        • API String ID: 129472671-2362178303
                        • Opcode ID: 8174263d32cca994eaf08507624ab3d16378dc5b7abbca5672a4ed8a19109f4a
                        • Instruction ID: ab7c45c3b7073898ae9cef3354c0b3248c6ebbc2f6f2fad027fb3f6fcfcbbf00
                        • Opcode Fuzzy Hash: 8174263d32cca994eaf08507624ab3d16378dc5b7abbca5672a4ed8a19109f4a
                        • Instruction Fuzzy Hash: DC412735600201AADF141FB89C2DBBE3E99F716346F04012BF542863A1CBA99E45E76F

                        Control-flow Graph

                        APIs
                        • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 004D1459
                        • OleUninitialize.OLE32(?,00000000), ref: 004D14F8
                        • UnregisterHotKey.USER32(?), ref: 004D16DD
                        • DestroyWindow.USER32(?), ref: 005124B9
                        • FreeLibrary.KERNEL32(?), ref: 0051251E
                        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 0051254B
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                        • String ID: close all
                        • API String ID: 469580280-3243417748
                        • Opcode ID: e835eafec02e1b50ba337ed5789e53aabf1658fb04c5471e23eebcff6c977922
                        • Instruction ID: 48fc0c492f801aa692d63a573ee803e806a57353cb05952b8ea9b704462e24e2
                        • Opcode Fuzzy Hash: e835eafec02e1b50ba337ed5789e53aabf1658fb04c5471e23eebcff6c977922
                        • Instruction Fuzzy Hash: B0D19D307012129FDB19EF15C4A9A69FBA1BF05704F15429FE84A6B361CB34EC62CF59

                        Control-flow Graph

                        APIs
                        • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 004D2C91
                        • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 004D2CB2
                        • ShowWindow.USER32(00000000,?,?,?,?,?,?,004D1CAD,?), ref: 004D2CC6
                        • ShowWindow.USER32(00000000,?,?,?,?,?,?,004D1CAD,?), ref: 004D2CCF
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: Window$CreateShow
                        • String ID: AutoIt v3$edit
                        • API String ID: 1584632944-3779509399
                        • Opcode ID: 9b42b2add2923d27c14935effb254d70f81d047bc09b9e297fb9f00738316f5b
                        • Instruction ID: 1662922c64a86baab0c9715eaef9a5b8cf0e029ade7564a27b0fc576b94ef0f3
                        • Opcode Fuzzy Hash: 9b42b2add2923d27c14935effb254d70f81d047bc09b9e297fb9f00738316f5b
                        • Instruction Fuzzy Hash: C8F0D0755406907AEB311B176C08E773EBDD7D7F61F00045FF90093560C6A51858EA74

                        Control-flow Graph

                        APIs
                        • ShellExecuteExW.SHELL32(0000003C), ref: 0055AEA3
                          • Part of subcall function 004D7620: _wcslen.LIBCMT ref: 004D7625
                        • GetProcessId.KERNEL32(00000000), ref: 0055AF38
                        • CloseHandle.KERNEL32(00000000), ref: 0055AF67
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: CloseExecuteHandleProcessShell_wcslen
                        • String ID: <$@
                        • API String ID: 146682121-1426351568
                        • Opcode ID: e6d44333619adb2b385fc82b94dedb91892b465e69a03180260ba8de89210230
                        • Instruction ID: d95637ec12d83f0e9194c1a584f7f98ac2bb501596075701015e57f00a48178a
                        • Opcode Fuzzy Hash: e6d44333619adb2b385fc82b94dedb91892b465e69a03180260ba8de89210230
                        • Instruction Fuzzy Hash: B4717870A00215DFCB10DF55D4A1A9EBBF0BF08308F04859EE816AB392D774ED49CB95

                        Control-flow Graph

                        APIs
                        • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,004D3B0F,SwapMouseButtons,00000004,?), ref: 004D3B40
                        • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,004D3B0F,SwapMouseButtons,00000004,?), ref: 004D3B61
                        • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,004D3B0F,SwapMouseButtons,00000004,?), ref: 004D3B83
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: CloseOpenQueryValue
                        • String ID: Control Panel\Mouse
                        • API String ID: 3677997916-824357125
                        • Opcode ID: e4dee22571e8cb3cf29dfb40da343c2960db6bebb6ac65bda6da66c907955423
                        • Instruction ID: 3bd253957dc9ace9bde0a65e38afc520147be215becaa0087585ab4e16df1871
                        • Opcode Fuzzy Hash: e4dee22571e8cb3cf29dfb40da343c2960db6bebb6ac65bda6da66c907955423
                        • Instruction Fuzzy Hash: B9115AB5510208FFDB208FA8DC58AAFBBB8EF01755B10446BE801D7211D275AE44A765
                        APIs
                        • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 005133A2
                          • Part of subcall function 004D6B57: _wcslen.LIBCMT ref: 004D6B6A
                        • Shell_NotifyIconW.SHELL32(00000001,?), ref: 004D3A04
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: IconLoadNotifyShell_String_wcslen
                        • String ID: Line:
                        • API String ID: 2289894680-1585850449
                        • Opcode ID: 6af9d50fc3ca8b7b386dc8b0afffc47a07a692d02a60114e5c87ccaa4d33dec5
                        • Instruction ID: cfcfe9ab08bfd4bcdb41fb25c3326ee19dd5ec8045a68b3a39d34300898a1183
                        • Opcode Fuzzy Hash: 6af9d50fc3ca8b7b386dc8b0afffc47a07a692d02a60114e5c87ccaa4d33dec5
                        • Instruction Fuzzy Hash: 2131E371508304AAD720EF20DC65BEBB7D8AB41719F00092FF59983291DF789A48C7DB
                        APIs
                        • GetOpenFileNameW.COMDLG32(?), ref: 00512C8C
                          • Part of subcall function 004D3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,004D3A97,?,?,004D2E7F,?,?,?,00000000), ref: 004D3AC2
                          • Part of subcall function 004D2DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 004D2DC4
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: Name$Path$FileFullLongOpen
                        • String ID: X$`eY
                        • API String ID: 779396738-2751198956
                        • Opcode ID: 9b2ee4ed60a92c4f3906e34962734a8defc83b7e62873f1bad0f27ad40403cc5
                        • Instruction ID: 834d01046b62daf723a6a3e12cdec8ef72b31158680dbdc4b64f9bb014239ed2
                        • Opcode Fuzzy Hash: 9b2ee4ed60a92c4f3906e34962734a8defc83b7e62873f1bad0f27ad40403cc5
                        • Instruction Fuzzy Hash: EA21A170A00258ABDF01AF95C859BEE7BF8AF49308F00405BE505A7341DBF85A898BA5
                        APIs
                        • __CxxThrowException@8.LIBVCRUNTIME ref: 004F0668
                          • Part of subcall function 004F32A4: RaiseException.KERNEL32(?,?,?,004F068A,?,005A1444,?,?,?,?,?,?,004F068A,004D1129,00598738,004D1129), ref: 004F3304
                        • __CxxThrowException@8.LIBVCRUNTIME ref: 004F0685
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: Exception@8Throw$ExceptionRaise
                        • String ID: Unknown exception
                        • API String ID: 3476068407-410509341
                        • Opcode ID: 0af359a001829dc43e1e87cb931d8a735907cbbb949ea362c4d46a31e1c89c3d
                        • Instruction ID: 7080ecafb5785735b4adec3b860917c0294f44fe56024907bea6b685ca935a9f
                        • Opcode Fuzzy Hash: 0af359a001829dc43e1e87cb931d8a735907cbbb949ea362c4d46a31e1c89c3d
                        • Instruction Fuzzy Hash: E7F0C83490020D778F00BAA6DC46CBE7B6CAE80354B604177BA14D6592EF79DA29C689
                        APIs
                          • Part of subcall function 004D1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 004D1BF4
                          • Part of subcall function 004D1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 004D1BFC
                          • Part of subcall function 004D1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 004D1C07
                          • Part of subcall function 004D1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 004D1C12
                          • Part of subcall function 004D1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 004D1C1A
                          • Part of subcall function 004D1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 004D1C22
                          • Part of subcall function 004D1B4A: RegisterWindowMessageW.USER32(00000004,?,004D12C4), ref: 004D1BA2
                        • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 004D136A
                        • OleInitialize.OLE32 ref: 004D1388
                        • CloseHandle.KERNEL32(00000000,00000000), ref: 005124AB
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                        • String ID:
                        • API String ID: 1986988660-0
                        • Opcode ID: 3c8b2045952e01ccc1c9a0c03dff0efeb88d1553d3b01b271a15dbb0910e6e81
                        • Instruction ID: 6080e0edae44a753127234017012a22fccdf069dd8f7e05377f6835ea004f088
                        • Opcode Fuzzy Hash: 3c8b2045952e01ccc1c9a0c03dff0efeb88d1553d3b01b271a15dbb0910e6e81
                        • Instruction Fuzzy Hash: EB719EB8D01A118EC784DF7AA9556693EE0FBAF384F14822ED44AC7361EB344448EF5D
                        APIs
                        • FindCloseChangeNotification.KERNEL32(00000000,00000000,?,?,005085CC,?,00598CC8,0000000C), ref: 00508704
                        • GetLastError.KERNEL32(?,005085CC,?,00598CC8,0000000C), ref: 0050870E
                        • __dosmaperr.LIBCMT ref: 00508739
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                        • String ID:
                        • API String ID: 490808831-0
                        • Opcode ID: 3b67be16f65ecfcbf96e098ed294f19e2ccc3971a62c59030ee5347cde491122
                        • Instruction ID: 8e54340b1512027dee3db25c843b32f8046c1e7869e70612d303c6106ed03457
                        • Opcode Fuzzy Hash: 3b67be16f65ecfcbf96e098ed294f19e2ccc3971a62c59030ee5347cde491122
                        • Instruction Fuzzy Hash: B501823260462016CA2067345849F7F2F456BF2774F3A0519F8449B1D3DEA3CC818650
                        APIs
                        • __Init_thread_footer.LIBCMT ref: 004E17F6
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: Init_thread_footer
                        • String ID: CALL
                        • API String ID: 1385522511-4196123274
                        • Opcode ID: 777ec1d7a3bcb450e53490dcf87dc88415f6922553ebef7b2191be879f86a483
                        • Instruction ID: ee6f42e7532789394c363e445333356c08055e2d65b311428deae12ac93c2021
                        • Opcode Fuzzy Hash: 777ec1d7a3bcb450e53490dcf87dc88415f6922553ebef7b2191be879f86a483
                        • Instruction Fuzzy Hash: 34229C706083819FC714DF26C490A2ABBF1BF8A315F14895EF4968B3A1D739E845CB96
                        APIs
                        • Shell_NotifyIconW.SHELL32(00000000,?), ref: 004D3908
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: IconNotifyShell_
                        • String ID:
                        • API String ID: 1144537725-0
                        • Opcode ID: 200dfab44076dfb414875afc1244385b6a403aebb1931de1c8908fbd721f1049
                        • Instruction ID: 91132c5f88c86ee9a44a98fe17d9d55f8518d0400181f063f6a223bc0516a02a
                        • Opcode Fuzzy Hash: 200dfab44076dfb414875afc1244385b6a403aebb1931de1c8908fbd721f1049
                        • Instruction Fuzzy Hash: 2E31C1B05047019FD720EF24D894797BBE8FB5930AF00092FF59993380E7B5AA48DB5A
                        APIs
                          • Part of subcall function 004D4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,004D4EDD,?,005A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004D4E9C
                          • Part of subcall function 004D4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 004D4EAE
                          • Part of subcall function 004D4E90: FreeLibrary.KERNEL32(00000000,?,?,004D4EDD,?,005A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004D4EC0
                        • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,005A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004D4EFD
                          • Part of subcall function 004D4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00513CDE,?,005A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004D4E62
                          • Part of subcall function 004D4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 004D4E74
                          • Part of subcall function 004D4E59: FreeLibrary.KERNEL32(00000000,?,?,00513CDE,?,005A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004D4E87
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: Library$Load$AddressFreeProc
                        • String ID:
                        • API String ID: 2632591731-0
                        • Opcode ID: 9e77b648fdebf5620eb7a426d786f724b7684a2858ae0d7231d002c249154cf1
                        • Instruction ID: 18107d49b59272d545855f36c4e571ee3ad03031727c6b478d4fce9652b58bf9
                        • Opcode Fuzzy Hash: 9e77b648fdebf5620eb7a426d786f724b7684a2858ae0d7231d002c249154cf1
                        • Instruction Fuzzy Hash: 3D112731600205ABDF10AF61DC26FAD7BA4AF80718F10842FF542A62E1DE789E459758
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: __wsopen_s
                        • String ID:
                        • API String ID: 3347428461-0
                        • Opcode ID: 0a3e59205b0dea6a851dfe78fa1b8c34af8a392cee78f396dca547a25da8ec82
                        • Instruction ID: f3d99e296b6d28a43bd952b43b9039d5309f476befee433eb6dadab71b7d4892
                        • Opcode Fuzzy Hash: 0a3e59205b0dea6a851dfe78fa1b8c34af8a392cee78f396dca547a25da8ec82
                        • Instruction Fuzzy Hash: AE11F57590410AAFCF05DF58E9459AE7BF5FF48314F144059F808AB352DA31DA118BA5
                        APIs
                          • Part of subcall function 00504C7D: RtlAllocateHeap.NTDLL(00000008,004D1129,00000000,?,00502E29,00000001,00000364,?,?,?,004FF2DE,00503863,005A1444,?,004EFDF5,?), ref: 00504CBE
                        • _free.LIBCMT ref: 0050506C
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: AllocateHeap_free
                        • String ID:
                        • API String ID: 614378929-0
                        • Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                        • Instruction ID: 31568903bb9d2479b96de2d8af1b55b6cc9d633cccbc86303db3b1c5a26a653f
                        • Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                        • Instruction Fuzzy Hash: 8E0126722047056BE3318E659889A5FFFECFB89370F65091DE184832C0EA30A805CAB4
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                        • Instruction ID: b0d0af26b586fd604c0770facc65fc6c59984d2d4a71413163b679ec1628b3a4
                        • Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                        • Instruction Fuzzy Hash: 3EF0D632510A1C96E6312E678C09B7F3798AFA2336F10071BF625D62E2DA78940285AD
                        APIs
                        • RtlAllocateHeap.NTDLL(00000008,004D1129,00000000,?,00502E29,00000001,00000364,?,?,?,004FF2DE,00503863,005A1444,?,004EFDF5,?), ref: 00504CBE
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: AllocateHeap
                        • String ID:
                        • API String ID: 1279760036-0
                        • Opcode ID: 0e6f456392f062d3fc6157a9159b34002a1306626a1ba55dc8133551003a8075
                        • Instruction ID: 757c148bef305adb556bf23c758cff1d4929bcb8e4b45eb465c9f9768eeced64
                        • Opcode Fuzzy Hash: 0e6f456392f062d3fc6157a9159b34002a1306626a1ba55dc8133551003a8075
                        • Instruction Fuzzy Hash: BCF0B47160262867FB215F629C09B6F3F88BF917A4F154126FA19A71C1CA71DC009AE4
                        APIs
                        • RtlAllocateHeap.NTDLL(00000000,?,005A1444,?,004EFDF5,?,?,004DA976,00000010,005A1440,004D13FC,?,004D13C6,?,004D1129), ref: 00503852
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: AllocateHeap
                        • String ID:
                        • API String ID: 1279760036-0
                        • Opcode ID: 36e792009d5c1271fda23a56ca992e737c4d5c664ed5c80527e85f37ac8d9464
                        • Instruction ID: 2ee9a5a7956bd08d9e3cd1ca1052d6a1e936e7b12c4d633a1aa020061e7c176f
                        • Opcode Fuzzy Hash: 36e792009d5c1271fda23a56ca992e737c4d5c664ed5c80527e85f37ac8d9464
                        • Instruction Fuzzy Hash: F5E0ED31102228A7EB312A779C00BAF3E4CBF827B0F0580A6FD05924C0CB21DE0182E5
                        APIs
                        • FreeLibrary.KERNEL32(?,?,005A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004D4F6D
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: FreeLibrary
                        • String ID:
                        • API String ID: 3664257935-0
                        • Opcode ID: 6866b1219d8390d0b8d88c32bfec6e000a4808d02b5c9bdba4e62d7b2abf69ed
                        • Instruction ID: 6f52082f72b4a4390d407778e278d095ddf01f8fe52368ea8be6ddf5eccc8a83
                        • Opcode Fuzzy Hash: 6866b1219d8390d0b8d88c32bfec6e000a4808d02b5c9bdba4e62d7b2abf69ed
                        • Instruction Fuzzy Hash: 78F01571105752CFDB349F65D4A4822BBE4AF54329320896FE2EA82721CB399848DB18
                        APIs
                        • Shell_NotifyIconW.SHELL32(00000002,?), ref: 004D314E
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: IconNotifyShell_
                        • String ID:
                        • API String ID: 1144537725-0
                        • Opcode ID: 2c9d5dae4dde3f623e83db2a7aeb5f5c8c42df8e38747be3810d7dc6a9ee3c38
                        • Instruction ID: 30b6acc242b2f9e9a8ab063e876541110a1eb91697202e5db48b879df73c0df7
                        • Opcode Fuzzy Hash: 2c9d5dae4dde3f623e83db2a7aeb5f5c8c42df8e38747be3810d7dc6a9ee3c38
                        • Instruction Fuzzy Hash: 73F037709143589FEB52DF64DC497DA7BBCA71170CF0000EAA68897291DBB4578CCF55
                        APIs
                        • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 004D2DC4
                          • Part of subcall function 004D6B57: _wcslen.LIBCMT ref: 004D6B6A
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: LongNamePath_wcslen
                        • String ID:
                        • API String ID: 541455249-0
                        • Opcode ID: 539ab1e4ac0700b57af384f8e0dcfec4037dec010a17742922bbd0914d520d26
                        • Instruction ID: 6da3b1898b08d048822e6f5987bb2507c2d65f3e6e5a95a9796574d3217ba185
                        • Opcode Fuzzy Hash: 539ab1e4ac0700b57af384f8e0dcfec4037dec010a17742922bbd0914d520d26
                        • Instruction Fuzzy Hash: D6E0CD766041245BC710A2589C09FEA77DDDFC8790F0500B6FD49D7248DA64AD848564
                        APIs
                          • Part of subcall function 004D3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 004D3908
                          • Part of subcall function 004DD730: GetInputState.USER32 ref: 004DD807
                        • SetCurrentDirectoryW.KERNEL32(?), ref: 004D2B6B
                          • Part of subcall function 004D30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 004D314E
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: IconNotifyShell_$CurrentDirectoryInputState
                        • String ID:
                        • API String ID: 3667716007-0
                        • Opcode ID: bae0dffb9cf395402ad274c3605963a96f4918281ec3f7397f202f9f023efec6
                        • Instruction ID: f4ed4ba6f63997d8e075318a490974978047e15266830ab4d0bd12c7d2dbc7b4
                        • Opcode Fuzzy Hash: bae0dffb9cf395402ad274c3605963a96f4918281ec3f7397f202f9f023efec6
                        • Instruction Fuzzy Hash: 91E0862170424406CA04BF7AA87657DBB999BE635AF40153FF14283362CEAC4949525A
                        APIs
                        • CreateFileW.KERNEL32(00000000,00000000,?,00510704,?,?,00000000,?,00510704,00000000,0000000C), ref: 005103B7
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: CreateFile
                        • String ID:
                        • API String ID: 823142352-0
                        • Opcode ID: 0f46499649693fca45f67ea004495764615430792318d0b7f79a60780e8c7113
                        • Instruction ID: 1676e18be3fa31675632e61b6d57f9fd308ef166d21abfb101a83989f9afe505
                        • Opcode Fuzzy Hash: 0f46499649693fca45f67ea004495764615430792318d0b7f79a60780e8c7113
                        • Instruction Fuzzy Hash: 56D06C3204010DBBDF028F84DD06EDA3FAAFB48714F014000FE5856020C772E821EB90
                        APIs
                        • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 004D1CBC
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: InfoParametersSystem
                        • String ID:
                        • API String ID: 3098949447-0
                        • Opcode ID: 0a46cb97f1718c60cf9c5c6cd1366648b028f6f947eec46119a17684c58b51ae
                        • Instruction ID: e179865bc92ca8ad716f639cf90583648e857cf2258226a29df6f95210cf3a43
                        • Opcode Fuzzy Hash: 0a46cb97f1718c60cf9c5c6cd1366648b028f6f947eec46119a17684c58b51ae
                        • Instruction Fuzzy Hash: E5C09B352803049FF6144B84BC4BF107754B37DB11F044402F649595E3C3E11414FE54
                        APIs
                          • Part of subcall function 004E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 004E9BB2
                        • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0056961A
                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0056965B
                        • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0056969F
                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 005696C9
                        • SendMessageW.USER32 ref: 005696F2
                        • GetKeyState.USER32(00000011), ref: 0056978B
                        • GetKeyState.USER32(00000009), ref: 00569798
                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 005697AE
                        • GetKeyState.USER32(00000010), ref: 005697B8
                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 005697E9
                        • SendMessageW.USER32 ref: 00569810
                        • SendMessageW.USER32(?,00001030,?,00567E95), ref: 00569918
                        • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0056992E
                        • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00569941
                        • SetCapture.USER32(?), ref: 0056994A
                        • ClientToScreen.USER32(?,?), ref: 005699AF
                        • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 005699BC
                        • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 005699D6
                        • ReleaseCapture.USER32 ref: 005699E1
                        • GetCursorPos.USER32(?), ref: 00569A19
                        • ScreenToClient.USER32(?,?), ref: 00569A26
                        • SendMessageW.USER32(?,00001012,00000000,?), ref: 00569A80
                        • SendMessageW.USER32 ref: 00569AAE
                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 00569AEB
                        • SendMessageW.USER32 ref: 00569B1A
                        • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00569B3B
                        • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00569B4A
                        • GetCursorPos.USER32(?), ref: 00569B68
                        • ScreenToClient.USER32(?,?), ref: 00569B75
                        • GetParent.USER32(?), ref: 00569B93
                        • SendMessageW.USER32(?,00001012,00000000,?), ref: 00569BFA
                        • SendMessageW.USER32 ref: 00569C2B
                        • ClientToScreen.USER32(?,?), ref: 00569C84
                        • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00569CB4
                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 00569CDE
                        • SendMessageW.USER32 ref: 00569D01
                        • ClientToScreen.USER32(?,?), ref: 00569D4E
                        • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00569D82
                          • Part of subcall function 004E9944: GetWindowLongW.USER32(?,000000EB), ref: 004E9952
                        • GetWindowLongW.USER32(?,000000F0), ref: 00569E05
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                        • String ID: @GUI_DRAGID$F$p#Z
                        • API String ID: 3429851547-1622621543
                        • Opcode ID: b2afec77ae94b44f2315565d1891c6291755282ea40dfebe9ee4c1d7e2e26ba7
                        • Instruction ID: 26114e2c0c82d8deac13a89ca44fbadbe86222a1cbd2dd9b07a9220e617c99b2
                        • Opcode Fuzzy Hash: b2afec77ae94b44f2315565d1891c6291755282ea40dfebe9ee4c1d7e2e26ba7
                        • Instruction Fuzzy Hash: D2428C34204341AFDB24CF28CC84AAABFE9FF59314F140A1EF6998B2A1D771E854DB55
                        APIs
                        • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 005648F3
                        • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00564908
                        • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00564927
                        • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0056494B
                        • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0056495C
                        • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0056497B
                        • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 005649AE
                        • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 005649D4
                        • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00564A0F
                        • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00564A56
                        • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00564A7E
                        • IsMenu.USER32(?), ref: 00564A97
                        • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00564AF2
                        • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00564B20
                        • GetWindowLongW.USER32(?,000000F0), ref: 00564B94
                        • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00564BE3
                        • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00564C82
                        • wsprintfW.USER32 ref: 00564CAE
                        • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00564CC9
                        • GetWindowTextW.USER32(?,00000000,00000001), ref: 00564CF1
                        • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00564D13
                        • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00564D33
                        • GetWindowTextW.USER32(?,00000000,00000001), ref: 00564D5A
                        Strings
                        Similarity
                        • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                        • String ID: %d/%02d/%02d
                        • API String ID: 4054740463-328681919
                        • Opcode ID: 909aeb7f496fd01aa058f8036d65c5c57d5f7cbce17551d2219f58473e6dca3f
                        • Instruction ID: a40edfbf59df04d309ab00b791668ba7908be7ea7c88b22e921893f74112cd31
                        • Opcode Fuzzy Hash: 909aeb7f496fd01aa058f8036d65c5c57d5f7cbce17551d2219f58473e6dca3f
                        • Instruction Fuzzy Hash: 7412DB71600254ABEB249F29DC49FAF7FB8FB45710F10412AF916EB2A1DBB89944CF50
                        APIs
                        • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 004EF998
                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0052F474
                        • IsIconic.USER32(00000000), ref: 0052F47D
                        • ShowWindow.USER32(00000000,00000009), ref: 0052F48A
                        • SetForegroundWindow.USER32(00000000), ref: 0052F494
                        • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0052F4AA
                        • GetCurrentThreadId.KERNEL32 ref: 0052F4B1
                        • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0052F4BD
                        • AttachThreadInput.USER32(?,00000000,00000001), ref: 0052F4CE
                        • AttachThreadInput.USER32(?,00000000,00000001), ref: 0052F4D6
                        • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0052F4DE
                        • SetForegroundWindow.USER32(00000000), ref: 0052F4E1
                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 0052F4F6
                        • keybd_event.USER32(00000012,00000000), ref: 0052F501
                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 0052F50B
                        • keybd_event.USER32(00000012,00000000), ref: 0052F510
                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 0052F519
                        • keybd_event.USER32(00000012,00000000), ref: 0052F51E
                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 0052F528
                        • keybd_event.USER32(00000012,00000000), ref: 0052F52D
                        • SetForegroundWindow.USER32(00000000), ref: 0052F530
                        • AttachThreadInput.USER32(?,000000FF,00000000), ref: 0052F557
                        Strings
                        Similarity
                        • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                        • String ID: Shell_TrayWnd
                        • API String ID: 4125248594-2988720461
                        • Opcode ID: a06f901601bb7e4e2e13d370861077ac7b899151b74dbb7cf121581be8557b73
                        • Instruction ID: 5a0a4d52cbfe5368cda8298f9063060a54514de522eb4491c00b9e0e8a82e7a0
                        • Opcode Fuzzy Hash: a06f901601bb7e4e2e13d370861077ac7b899151b74dbb7cf121581be8557b73
                        • Instruction Fuzzy Hash: 44313271A402187BEB206BB9AC49FBF7E7CEB55B50F100466F641E71D1C6F15900ABA1
                        APIs
                          • Part of subcall function 005316C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0053170D
                          • Part of subcall function 005316C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0053173A
                          • Part of subcall function 005316C3: GetLastError.KERNEL32 ref: 0053174A
                        • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00531286
                        • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 005312A8
                        • CloseHandle.KERNEL32(?), ref: 005312B9
                        • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 005312D1
                        • GetProcessWindowStation.USER32 ref: 005312EA
                        • SetProcessWindowStation.USER32(00000000), ref: 005312F4
                        • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00531310
                          • Part of subcall function 005310BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,005311FC), ref: 005310D4
                          • Part of subcall function 005310BF: CloseHandle.KERNEL32(?,?,005311FC), ref: 005310E9
                        Strings
                        Similarity
                        • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                        • String ID: $default$winsta0$ZY
                        • API String ID: 22674027-3783130828
                        • Opcode ID: 337ffbcb9b78675b3a643769b6fe82fc9a8d362910f84939605b50116111ec41
                        • Instruction ID: f80fe1e5c034793456455899b2aa8fe5ed4044c1e524afb1deab21ff13cdb2fc
                        • Opcode Fuzzy Hash: 337ffbcb9b78675b3a643769b6fe82fc9a8d362910f84939605b50116111ec41
                        • Instruction Fuzzy Hash: 99818971900309ABDF219FA8DC49BFE7FB9FF04704F144129F911A62A0DB758958DB28
                        APIs
                          • Part of subcall function 005310F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00531114
                          • Part of subcall function 005310F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00530B9B,?,?,?), ref: 00531120
                          • Part of subcall function 005310F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00530B9B,?,?,?), ref: 0053112F
                          • Part of subcall function 005310F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00530B9B,?,?,?), ref: 00531136
                          • Part of subcall function 005310F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0053114D
                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00530BCC
                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00530C00
                        • GetLengthSid.ADVAPI32(?), ref: 00530C17
                        • GetAce.ADVAPI32(?,00000000,?), ref: 00530C51
                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00530C6D
                        • GetLengthSid.ADVAPI32(?), ref: 00530C84
                        • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00530C8C
                        • HeapAlloc.KERNEL32(00000000), ref: 00530C93
                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00530CB4
                        • CopySid.ADVAPI32(00000000), ref: 00530CBB
                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00530CEA
                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00530D0C
                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00530D1E
                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00530D45
                        • HeapFree.KERNEL32(00000000), ref: 00530D4C
                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00530D55
                        • HeapFree.KERNEL32(00000000), ref: 00530D5C
                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00530D65
                        • HeapFree.KERNEL32(00000000), ref: 00530D6C
                        • GetProcessHeap.KERNEL32(00000000,?), ref: 00530D78
                        • HeapFree.KERNEL32(00000000), ref: 00530D7F
                          • Part of subcall function 00531193: GetProcessHeap.KERNEL32(00000008,00530BB1,?,00000000,?,00530BB1,?), ref: 005311A1
                          • Part of subcall function 00531193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00530BB1,?), ref: 005311A8
                          • Part of subcall function 00531193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00530BB1,?), ref: 005311B7
                        Similarity
                        • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                        • String ID:
                        • API String ID: 4175595110-0
                        • Opcode ID: bc794324b0ff67aea3ac2a525ce9af20427686fb9ed1484f8859592eeef47e5d
                        • Instruction ID: 4642986827e32a00091107b859da9ae0b4039157762349dfd106781d8df7ccfe
                        • Opcode Fuzzy Hash: bc794324b0ff67aea3ac2a525ce9af20427686fb9ed1484f8859592eeef47e5d
                        • Instruction Fuzzy Hash: C8717B7290020AABDF10DFE8DC48FEEBFB8BF14310F045555E954A7191D7B1AA09CB60
                        APIs
                        • OpenClipboard.USER32(0056CC08), ref: 0054EB29
                        • IsClipboardFormatAvailable.USER32(0000000D), ref: 0054EB37
                        • GetClipboardData.USER32(0000000D), ref: 0054EB43
                        • CloseClipboard.USER32 ref: 0054EB4F
                        • GlobalLock.KERNEL32(00000000), ref: 0054EB87
                        • CloseClipboard.USER32 ref: 0054EB91
                        • GlobalUnlock.KERNEL32(00000000,00000000), ref: 0054EBBC
                        • IsClipboardFormatAvailable.USER32(00000001), ref: 0054EBC9
                        • GetClipboardData.USER32(00000001), ref: 0054EBD1
                        • GlobalLock.KERNEL32(00000000), ref: 0054EBE2
                        • GlobalUnlock.KERNEL32(00000000,?), ref: 0054EC22
                        • IsClipboardFormatAvailable.USER32(0000000F), ref: 0054EC38
                        • GetClipboardData.USER32(0000000F), ref: 0054EC44
                        • GlobalLock.KERNEL32(00000000), ref: 0054EC55
                        • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0054EC77
                        • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0054EC94
                        • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0054ECD2
                        • GlobalUnlock.KERNEL32(00000000,?,?), ref: 0054ECF3
                        • CountClipboardFormats.USER32 ref: 0054ED14
                        • CloseClipboard.USER32 ref: 0054ED59
                        Similarity
                        • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                        • String ID:
                        • API String ID: 420908878-0
                        • Opcode ID: 583c34834bdb8264a42fd91655812c3ed3fada8a34d43339db06859b30286f86
                        • Instruction ID: 24af6149b19b96850d0bb7feb8bae246b1baa941f90d57f79a8488d421639f63
                        • Opcode Fuzzy Hash: 583c34834bdb8264a42fd91655812c3ed3fada8a34d43339db06859b30286f86
                        • Instruction Fuzzy Hash: F861AE342042019FD300EF68D89AFBA7BA4FF94748F14455EF896972A1CB71ED09DB62
                        APIs
                        • FindFirstFileW.KERNEL32(?,?), ref: 005469BE
                        • FindClose.KERNEL32(00000000), ref: 00546A12
                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00546A4E
                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00546A75
                          • Part of subcall function 004D9CB3: _wcslen.LIBCMT ref: 004D9CBD
                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 00546AB2
                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 00546ADF
                        Strings
                        Similarity
                        • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                        • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                        • API String ID: 3830820486-3289030164
                        • Opcode ID: 7a447ccaf54c2c38dc937f470a28fe746322bd14aeac8a47f251bfd210013f33
                        • Instruction ID: 1d6e0b67b0147b60116e596e67764ca51c41a14b78d30ab81f4ece5a5c52c692
                        • Opcode Fuzzy Hash: 7a447ccaf54c2c38dc937f470a28fe746322bd14aeac8a47f251bfd210013f33
                        • Instruction Fuzzy Hash: B5D16171508340AEC714EBA5C891EABB7ECBF88708F44491FF585C7291EB78DA48C762
                        APIs
                        • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00549663
                        • GetFileAttributesW.KERNEL32(?), ref: 005496A1
                        • SetFileAttributesW.KERNEL32(?,?), ref: 005496BB
                        • FindNextFileW.KERNEL32(00000000,?), ref: 005496D3
                        • FindClose.KERNEL32(00000000), ref: 005496DE
                        • FindFirstFileW.KERNEL32(*.*,?), ref: 005496FA
                        • SetCurrentDirectoryW.KERNEL32(?), ref: 0054974A
                        • SetCurrentDirectoryW.KERNEL32(00596B7C), ref: 00549768
                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00549772
                        • FindClose.KERNEL32(00000000), ref: 0054977F
                        • FindClose.KERNEL32(00000000), ref: 0054978F
                        Strings
                        Similarity
                        • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                        • String ID: *.*
                        • API String ID: 1409584000-438819550
                        • Opcode ID: dc35b9fbb0b10cc9a9070636a269bc25d7dc12c88e6f9e74fd8a6e8ad43ec80e
                        • Instruction ID: a28e1a6a841c10aa601a890e4c3d80593ec3744370d95d4f5b42d7a175975b2b
                        • Opcode Fuzzy Hash: dc35b9fbb0b10cc9a9070636a269bc25d7dc12c88e6f9e74fd8a6e8ad43ec80e
                        • Instruction Fuzzy Hash: 5431CF366002196ADB10AFB8DC0AAEF7FACEF4A324F144196E955E3190EB74DD488B14
                        APIs
                        • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 005497BE
                        • FindNextFileW.KERNEL32(00000000,?), ref: 00549819
                        • FindClose.KERNEL32(00000000), ref: 00549824
                        • FindFirstFileW.KERNEL32(*.*,?), ref: 00549840
                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00549890
                        • SetCurrentDirectoryW.KERNEL32(00596B7C), ref: 005498AE
                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 005498B8
                        • FindClose.KERNEL32(00000000), ref: 005498C5
                        • FindClose.KERNEL32(00000000), ref: 005498D5
                          • Part of subcall function 0053DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0053DB00
                        Strings
                        Similarity
                        • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                        • String ID: *.*
                        • API String ID: 2640511053-438819550
                        • Opcode ID: 380c6fa55887312d2d7d0009121e843669412889a4af3c6adb6e44ed6aaa4997
                        • Instruction ID: 35e3626b10f43e5a9021084938f8c3ea5f55b8c199c78aacf27a39f29429e82d
                        • Opcode Fuzzy Hash: 380c6fa55887312d2d7d0009121e843669412889a4af3c6adb6e44ed6aaa4997
                        • Instruction Fuzzy Hash: 6731C3316002196ADF10EFB8EC4AAEF7FBCBF46328F144196E950A3190DB70DD498A64
                        APIs
                          • Part of subcall function 0055C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0055B6AE,?,?), ref: 0055C9B5
                          • Part of subcall function 0055C998: _wcslen.LIBCMT ref: 0055C9F1
                          • Part of subcall function 0055C998: _wcslen.LIBCMT ref: 0055CA68
                          • Part of subcall function 0055C998: _wcslen.LIBCMT ref: 0055CA9E
                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0055BF3E
                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 0055BFA9
                        • RegCloseKey.ADVAPI32(00000000), ref: 0055BFCD
                        • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0055C02C
                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0055C0E7
                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0055C154
                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0055C1E9
                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 0055C23A
                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0055C2E3
                        • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0055C382
                        • RegCloseKey.ADVAPI32(00000000), ref: 0055C38F
                        Similarity
                        • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                        • String ID:
                        • API String ID: 3102970594-0
                        • Opcode ID: 73a1f88785dc6cad8f593e4141f48fee25b5f0c0a3a1de5627596096744d89a3
                        • Instruction ID: 4f13de68c9097a18e50df3cdc71c367c4b5d1bc589fa44a6b87d9617fe737a9a
                        • Opcode Fuzzy Hash: 73a1f88785dc6cad8f593e4141f48fee25b5f0c0a3a1de5627596096744d89a3
                        • Instruction Fuzzy Hash: D8024E716042009FD714DF28C8A5E2ABBE5BF49318F19889EF84ACB2A2D735ED45CB51
                        APIs
                        • GetLocalTime.KERNEL32(?), ref: 00548257
                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 00548267
                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00548273
                        • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00548310
                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00548324
                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00548356
                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0054838C
                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00548395
                        Strings
                        Similarity
                        • API ID: CurrentDirectoryTime$File$Local$System
                        • String ID: *.*
                        • API String ID: 1464919966-438819550
                        • Opcode ID: 532bf3ded29badece032c29e4ff3f5133fb00ea81bd22dabe43a953673aba91a
                        • Instruction ID: 7491618624a2dd8dae529f8d0eeb786200f51646f5961c28818e4b4c04378059
                        • Opcode Fuzzy Hash: 532bf3ded29badece032c29e4ff3f5133fb00ea81bd22dabe43a953673aba91a
                        • Instruction Fuzzy Hash: 3C616A725083059FC710EF64C8549AEB7E8FF89318F048D1EF98987251EB35E949CB92
                        APIs
                          • Part of subcall function 004D3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,004D3A97,?,?,004D2E7F,?,?,?,00000000), ref: 004D3AC2
                          • Part of subcall function 0053E199: GetFileAttributesW.KERNEL32(?,0053CF95), ref: 0053E19A
                        • FindFirstFileW.KERNEL32(?,?), ref: 0053D122
                        • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0053D1DD
                        • MoveFileW.KERNEL32(?,?), ref: 0053D1F0
                        • DeleteFileW.KERNEL32(?,?,?,?), ref: 0053D20D
                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 0053D237
                          • Part of subcall function 0053D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0053D21C,?,?), ref: 0053D2B2
                        • FindClose.KERNEL32(00000000,?,?,?), ref: 0053D253
                        • FindClose.KERNEL32(00000000), ref: 0053D264
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                        • String ID: \*.*
                        • API String ID: 1946585618-1173974218
                        • Opcode ID: 07f86333d0670c0b83143492c0fc6ad22041f84168dd7b7e7e67c1886b280052
                        • Instruction ID: ebac3ef364b89e00da66a7f544cbb829fe3fe26a0d77331fd563f1d4b9dce2d2
                        • Opcode Fuzzy Hash: 07f86333d0670c0b83143492c0fc6ad22041f84168dd7b7e7e67c1886b280052
                        • Instruction Fuzzy Hash: 12618D3190110D9BCF05EBE1EAA29EEBBB5BF55344F24406AF402B3291EB345F09DB61
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                        • String ID:
                        • API String ID: 1737998785-0
                        • Opcode ID: 0b4699c8a424cfcdd9c9fd3527464f8990e1ebb351d3e6c1189eac30d35d47e7
                        • Instruction ID: ebf203080524fb5b40162c6c215543fc1c46769926b16ef37c273f38076b0955
                        • Opcode Fuzzy Hash: 0b4699c8a424cfcdd9c9fd3527464f8990e1ebb351d3e6c1189eac30d35d47e7
                        • Instruction Fuzzy Hash: 3141DC35604611AFE720CF19D88AB69BFE5FF44328F04C49EE8568B6A2C775EC41CB80
                        APIs
                          • Part of subcall function 005316C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0053170D
                          • Part of subcall function 005316C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0053173A
                          • Part of subcall function 005316C3: GetLastError.KERNEL32 ref: 0053174A
                        • ExitWindowsEx.USER32(?,00000000), ref: 0053E932
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                        • String ID: $ $@$SeShutdownPrivilege
                        • API String ID: 2234035333-3163812486
                        • Opcode ID: 52890180822269c4a1235041f2d4681b43ec6f9aa7ac063508ff814f1f1e115c
                        • Instruction ID: 0bf41228f6d6bdf30e570437edea67fd13384faaaa6cdb086886049db67c8e43
                        • Opcode Fuzzy Hash: 52890180822269c4a1235041f2d4681b43ec6f9aa7ac063508ff814f1f1e115c
                        • Instruction Fuzzy Hash: 5901D673610211ABEB6466B89C8BBBF7FDCB714750F154822FC03E31D1D5A05C449394
                        APIs
                        • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00551276
                        • WSAGetLastError.WSOCK32 ref: 00551283
                        • bind.WSOCK32(00000000,?,00000010), ref: 005512BA
                        • WSAGetLastError.WSOCK32 ref: 005512C5
                        • closesocket.WSOCK32(00000000), ref: 005512F4
                        • listen.WSOCK32(00000000,00000005), ref: 00551303
                        • WSAGetLastError.WSOCK32 ref: 0055130D
                        • closesocket.WSOCK32(00000000), ref: 0055133C
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: ErrorLast$closesocket$bindlistensocket
                        • String ID:
                        • API String ID: 540024437-0
                        • Opcode ID: ea5a637ab874130b94b5a1641bd0fadfa98a528fa3fa082df33e95b13221a8c0
                        • Instruction ID: 24949b4038dec71b09367df48a1c5be6b315652656f5b24d4398c901f05b41c5
                        • Opcode Fuzzy Hash: ea5a637ab874130b94b5a1641bd0fadfa98a528fa3fa082df33e95b13221a8c0
                        • Instruction Fuzzy Hash: 4B41A0346005019FD720DF29C4A8B29BFE5BF86319F18818AD8568F292C775EC89CBE1
                        APIs
                          • Part of subcall function 004D3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,004D3A97,?,?,004D2E7F,?,?,?,00000000), ref: 004D3AC2
                          • Part of subcall function 0053E199: GetFileAttributesW.KERNEL32(?,0053CF95), ref: 0053E19A
                        • FindFirstFileW.KERNEL32(?,?), ref: 0053D420
                        • DeleteFileW.KERNEL32(?,?,?,?), ref: 0053D470
                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 0053D481
                        • FindClose.KERNEL32(00000000), ref: 0053D498
                        • FindClose.KERNEL32(00000000), ref: 0053D4A1
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                        • String ID: \*.*
                        • API String ID: 2649000838-1173974218
                        • Opcode ID: eb19cd0db7d3e2d0b50f0dec737f67a7a3ca2bba1fc77bcbc89b8483f48cf247
                        • Instruction ID: 9de797304768b0732973e8e0f34154e1dca57098f9f755b52aa3026e33801a85
                        • Opcode Fuzzy Hash: eb19cd0db7d3e2d0b50f0dec737f67a7a3ca2bba1fc77bcbc89b8483f48cf247
                        • Instruction Fuzzy Hash: 25316F710083419BC701EF65D8A58AFBBB8BEA1304F444E1FF8D193291EB74AA19D767
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: __floor_pentium4
                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                        • API String ID: 4168288129-2761157908
                        • Opcode ID: 6c4b2a125eec18c7944ff5a3c5d209908602b45d068b0588cba2c1e4d301d56f
                        • Instruction ID: 825e0c8e6f64a8d9d33aca054178d110f2dd784a3f1408a2cde371445a45ba87
                        • Opcode Fuzzy Hash: 6c4b2a125eec18c7944ff5a3c5d209908602b45d068b0588cba2c1e4d301d56f
                        • Instruction Fuzzy Hash: 50C22971E046298FDB25CE289D457EEBBB5FB44304F2445EAD84DE7281E778AE818F40
                        APIs
                        • _wcslen.LIBCMT ref: 005464DC
                        • CoInitialize.OLE32(00000000), ref: 00546639
                        • CoCreateInstance.OLE32(0056FCF8,00000000,00000001,0056FB68,?), ref: 00546650
                        • CoUninitialize.OLE32 ref: 005468D4
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: CreateInitializeInstanceUninitialize_wcslen
                        • String ID: .lnk
                        • API String ID: 886957087-24824748
                        • Opcode ID: 3c572f5b7f3e7df5bce0e8f23dc433884bede3dab88c319cab7ae071ce8a923f
                        • Instruction ID: c8d67eb1c8bb660e35bea2c9c5ef94bef3722eebf8de1a4397a42eabee90aad1
                        • Opcode Fuzzy Hash: 3c572f5b7f3e7df5bce0e8f23dc433884bede3dab88c319cab7ae071ce8a923f
                        • Instruction Fuzzy Hash: 49D14B716083019FC314EF25C891AABBBE9FF95708F40495EF5958B291EB70ED05CB92
                        APIs
                        • GetForegroundWindow.USER32(?,?,00000000), ref: 005522E8
                          • Part of subcall function 0054E4EC: GetWindowRect.USER32(?,?), ref: 0054E504
                        • GetDesktopWindow.USER32 ref: 00552312
                        • GetWindowRect.USER32(00000000), ref: 00552319
                        • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00552355
                        • GetCursorPos.USER32(?), ref: 00552381
                        • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 005523DF
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: Window$Rectmouse_event$CursorDesktopForeground
                        • String ID:
                        • API String ID: 2387181109-0
                        • Opcode ID: 48cd6c87ba21002a39feabe808c480487007cd80572a8ad8967faba49ab2b83b
                        • Instruction ID: 276ffccb55282e85f12644b0f8fb08580eaa399f53118fc25802b840c693c1b5
                        • Opcode Fuzzy Hash: 48cd6c87ba21002a39feabe808c480487007cd80572a8ad8967faba49ab2b83b
                        • Instruction Fuzzy Hash: FF31D072504315AFC720DF58C849B6BBBE9FF95314F00091AF985D7291DB74EA08CB92
                        APIs
                          • Part of subcall function 004D9CB3: _wcslen.LIBCMT ref: 004D9CBD
                        • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00549B78
                        • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00549C8B
                          • Part of subcall function 00543874: GetInputState.USER32 ref: 005438CB
                          • Part of subcall function 00543874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00543966
                        • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00549BA8
                        • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00549C75
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                        • String ID: *.*
                        • API String ID: 1972594611-438819550
                        • Opcode ID: aaaa1afa008711e36b9d5ef848ef28b3033a0016f7adf69b3db6ff7571620ab0
                        • Instruction ID: d5b3b1f68eea8ff3ffc122deddbfa0a625272242c6af22202c3d8d6f01493ed7
                        • Opcode Fuzzy Hash: aaaa1afa008711e36b9d5ef848ef28b3033a0016f7adf69b3db6ff7571620ab0
                        • Instruction Fuzzy Hash: D741817190420A9FCF14DF64C99AAEEBFB4FF05305F24415AE805A3291EB309E44CF65
                        APIs
                          • Part of subcall function 004E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 004E9BB2
                        • DefDlgProcW.USER32(?,?,?,?,?), ref: 004E9A4E
                        • GetSysColor.USER32(0000000F), ref: 004E9B23
                        • SetBkColor.GDI32(?,00000000), ref: 004E9B36
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: Color$LongProcWindow
                        • String ID:
                        • API String ID: 3131106179-0
                        • Opcode ID: eb3ab19d741e5a5c874aba436e01b74ba4892985e3af4bfd157c2e8c79c48c51
                        • Instruction ID: abac681c5ea21f9edf28e957fce1a0215117c1cf7409a41406bf35f3930801bc
                        • Opcode Fuzzy Hash: eb3ab19d741e5a5c874aba436e01b74ba4892985e3af4bfd157c2e8c79c48c51
                        • Instruction Fuzzy Hash: FDA1E7701085E8AEE728DA2E9C58D7B3E9DFF87345F18011BF502C66D1CA699D02D27A
                        APIs
                          • Part of subcall function 0055304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0055307A
                          • Part of subcall function 0055304E: _wcslen.LIBCMT ref: 0055309B
                        • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0055185D
                        • WSAGetLastError.WSOCK32 ref: 00551884
                        • bind.WSOCK32(00000000,?,00000010), ref: 005518DB
                        • WSAGetLastError.WSOCK32 ref: 005518E6
                        • closesocket.WSOCK32(00000000), ref: 00551915
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                        • String ID:
                        • API String ID: 1601658205-0
                        • Opcode ID: 3f220bbee43826763baa96d3dcf898d619db9696f3c917d70a0440a9cc0b6a3a
                        • Instruction ID: d74769a2223f60beb49f257182e65b24298f9ead520402c45a367f337b810a9d
                        • Opcode Fuzzy Hash: 3f220bbee43826763baa96d3dcf898d619db9696f3c917d70a0440a9cc0b6a3a
                        • Instruction Fuzzy Hash: 8751D371A00200AFD720AF25C8A6F6A7BE5AB44718F04849EF9569F3C3C775AD41CBA5
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: Window$EnabledForegroundIconicVisibleZoomed
                        • String ID:
                        • API String ID: 292994002-0
                        • Opcode ID: 654f3eb71f32e0f26a52b2280b416c66ae0eef5e1ec01194c56d894ae51e77b2
                        • Instruction ID: 89f0dfc9854ce04bcb4799ee00821bb9a2d41e040924a8aeeb77b37c0e46716a
                        • Opcode Fuzzy Hash: 654f3eb71f32e0f26a52b2280b416c66ae0eef5e1ec01194c56d894ae51e77b2
                        • Instruction Fuzzy Hash: A4219E31740A015FE7208F2AC884B7A7FA5FF95315B1C8469E8468B351CBB1DC42CB98
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID:
                        • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                        • API String ID: 0-1546025612
                        • Opcode ID: b901c33985132da12165efd1daa481215108a4e9e5d11953b47b321ed9c4c3df
                        • Instruction ID: 60c5e9e45800dbab6ec55efde84d23be22c7076d14ae4b91f87b7db46844d8cb
                        • Opcode Fuzzy Hash: b901c33985132da12165efd1daa481215108a4e9e5d11953b47b321ed9c4c3df
                        • Instruction Fuzzy Hash: 98A26C74A0021ACBEF24CF58C8507FEBBB1BB54314F24859BE815A7385EB749D81CB95
                        APIs
                        • lstrlenW.KERNEL32(?,?,?,00000000), ref: 005382AA
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: lstrlen
                        • String ID: ($tbY$|
                        • API String ID: 1659193697-2873647020
                        • Opcode ID: 8ab6d0801946586c830510c8982e118fa038de3d652f83de2114b48e640e8d1d
                        • Instruction ID: 30d328295e7be815f77a12311c81847cacbd7f3bf7f948a5d5d98aa0ebce8190
                        • Opcode Fuzzy Hash: 8ab6d0801946586c830510c8982e118fa038de3d652f83de2114b48e640e8d1d
                        • Instruction Fuzzy Hash: 8F323574A007059FCB28CF59C481A6ABBF0FF48710F15896EE49ADB7A1EB70E941CB44
                        APIs
                        • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0053AAAC
                        • SetKeyboardState.USER32(00000080), ref: 0053AAC8
                        • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0053AB36
                        • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0053AB88
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: KeyboardState$InputMessagePostSend
                        • String ID:
                        • API String ID: 432972143-0
                        • Opcode ID: 9330ebc04d9ed39cda673fd6577c981f3bdacf2f5ae36dce85a8b53ceefc37ba
                        • Instruction ID: aab971be2ce9e8e95e473893e40aa1d26489413f31fb0287cb9118069eb11246
                        • Opcode Fuzzy Hash: 9330ebc04d9ed39cda673fd6577c981f3bdacf2f5ae36dce85a8b53ceefc37ba
                        • Instruction Fuzzy Hash: 46313B71A40248AEFF35CB68CC15BFABFAABB54310F04421AF1C1561D1D7748985D763
                        APIs
                        • _free.LIBCMT ref: 0050BB7F
                          • Part of subcall function 005029C8: HeapFree.KERNEL32(00000000,00000000,?,0050D7D1,00000000,00000000,00000000,00000000,?,0050D7F8,00000000,00000007,00000000,?,0050DBF5,00000000), ref: 005029DE
                          • Part of subcall function 005029C8: GetLastError.KERNEL32(00000000,?,0050D7D1,00000000,00000000,00000000,00000000,?,0050D7F8,00000000,00000007,00000000,?,0050DBF5,00000000,00000000), ref: 005029F0
                        • GetTimeZoneInformation.KERNEL32 ref: 0050BB91
                        • WideCharToMultiByte.KERNEL32(00000000,?,005A121C,000000FF,?,0000003F,?,?), ref: 0050BC09
                        • WideCharToMultiByte.KERNEL32(00000000,?,005A1270,000000FF,?,0000003F,?,?,?,005A121C,000000FF,?,0000003F,?,?), ref: 0050BC36
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
                        • String ID:
                        • API String ID: 806657224-0
                        • Opcode ID: 867504ead8d315aad435b6a08f0309ea6d21fe275ab589b2d336736719f2d8e1
                        • Instruction ID: b7c6391af8f4398b9e4ef85ed3a5aa2037c91f893fe2300ae5171cfdb31d945c
                        • Opcode Fuzzy Hash: 867504ead8d315aad435b6a08f0309ea6d21fe275ab589b2d336736719f2d8e1
                        • Instruction Fuzzy Hash: A731CD74904246DFEB10DF6ACC80A6DBFB8FFA6350B1446AAE061DB2E1D7309E44DB54
                        APIs
                        • InternetReadFile.WININET(?,?,00000400,?), ref: 0054CE89
                        • GetLastError.KERNEL32(?,00000000), ref: 0054CEEA
                        • SetEvent.KERNEL32(?,?,00000000), ref: 0054CEFE
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: ErrorEventFileInternetLastRead
                        • String ID:
                        • API String ID: 234945975-0
                        • Opcode ID: 4892b8769fa2477814bb592241a814fa2adcc13c0f75d2b59f8204086591c7fb
                        • Instruction ID: 2b16515cf947b8e98a2b869ae56475e744350ee2c3acc7e244b5888a5f77177f
                        • Opcode Fuzzy Hash: 4892b8769fa2477814bb592241a814fa2adcc13c0f75d2b59f8204086591c7fb
                        • Instruction Fuzzy Hash: 4821CF71501305ABEB61DFA6C948BA77FFCFB90318F10482EE686D2151E774EE089B54
                        APIs
                        • FindFirstFileW.KERNEL32(?,?), ref: 00545CC1
                        • FindNextFileW.KERNEL32(00000000,?), ref: 00545D17
                        • FindClose.KERNEL32(?), ref: 00545D5F
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: Find$File$CloseFirstNext
                        • String ID:
                        • API String ID: 3541575487-0
                        • Opcode ID: dac95a33534530797df1020038f9b9c25d4123c0feee35ba0289562bbd10ced2
                        • Instruction ID: 141c366800e5c594eb8a7ffe7bb3bd9bbfdd31a925b37f85cd825d65afcccbe4
                        • Opcode Fuzzy Hash: dac95a33534530797df1020038f9b9c25d4123c0feee35ba0289562bbd10ced2
                        • Instruction Fuzzy Hash: BA518A74A04A019FC714DF28C494E9ABBE4FF49318F14855EE99A8B3A2DB30ED04CF91
                        APIs
                        • IsDebuggerPresent.KERNEL32 ref: 0050271A
                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00502724
                        • UnhandledExceptionFilter.KERNEL32(?), ref: 00502731
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: ExceptionFilterUnhandled$DebuggerPresent
                        • String ID:
                        • API String ID: 3906539128-0
                        • Opcode ID: 272216998516795a42a4fdcf79fccf635bbf0565743bb40414ae225d288b9753
                        • Instruction ID: db8ac5afa4bc9999021035168628226d60bbce69547ba7f0a45698e4fbff1457
                        • Opcode Fuzzy Hash: 272216998516795a42a4fdcf79fccf635bbf0565743bb40414ae225d288b9753
                        • Instruction Fuzzy Hash: 4331C27491121CABCB21DF69D98879DBBB8BF18310F5041EAE90CA72A1E7749F858F44
                        APIs
                        • SetErrorMode.KERNEL32(00000001), ref: 005451DA
                        • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00545238
                        • SetErrorMode.KERNEL32(00000000), ref: 005452A1
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: ErrorMode$DiskFreeSpace
                        • String ID:
                        • API String ID: 1682464887-0
                        • Opcode ID: 4670c18b6d7fa34cf18b536d4c9bbb95f60d4e1301c609e33ec7dd0b2b78d950
                        • Instruction ID: d7d27ccdfdb80f49afc31e27ebab8dffcba3030c7101a46b00c66a10203da88b
                        • Opcode Fuzzy Hash: 4670c18b6d7fa34cf18b536d4c9bbb95f60d4e1301c609e33ec7dd0b2b78d950
                        • Instruction Fuzzy Hash: 9E317F35A00508DFDB00DF54D894EEDBBB4FF49318F04809AE8459B392DB75E849CB50
                        APIs
                          • Part of subcall function 004EFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 004F0668
                          • Part of subcall function 004EFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 004F0685
                        • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0053170D
                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0053173A
                        • GetLastError.KERNEL32 ref: 0053174A
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                        • String ID:
                        • API String ID: 577356006-0
                        • Opcode ID: 88649db83ac4032c6e0688eaaee0e3e64a0494be3aef2d81bed9ec10f0d6e15b
                        • Instruction ID: 4ff661f436c6037f956e5dbfc851f24bdf18bb6f67314d32a61b7a5c4322cc3c
                        • Opcode Fuzzy Hash: 88649db83ac4032c6e0688eaaee0e3e64a0494be3aef2d81bed9ec10f0d6e15b
                        • Instruction Fuzzy Hash: BC11C1B2404305AFD718AF64DC86D6ABBBDFB04754B24852EE05657241EB70BC458A24
                        APIs
                        • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0053D608
                        • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0053D645
                        • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0053D650
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: CloseControlCreateDeviceFileHandle
                        • String ID:
                        • API String ID: 33631002-0
                        • Opcode ID: 7cc109ded145537fb7f935b64ecf016069770ad76faf18fd239f88d3cc52de1f
                        • Instruction ID: 61ece60fd3f8af6cf06bbf101775478a3d69ee7692104734e7bc8886922ba308
                        • Opcode Fuzzy Hash: 7cc109ded145537fb7f935b64ecf016069770ad76faf18fd239f88d3cc52de1f
                        • Instruction Fuzzy Hash: E5118E75E01228BFDB108F99EC45FAFBFBCEB45B50F108111F914E7290C2B04A058BA1
                        APIs
                        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0053168C
                        • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 005316A1
                        • FreeSid.ADVAPI32(?), ref: 005316B1
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: AllocateCheckFreeInitializeMembershipToken
                        • String ID:
                        • API String ID: 3429775523-0
                        • Opcode ID: eee5fef1a25e8f1bd1c08bb64a22ccb5b08d415bb38daf9e11b9ad9177fd8e64
                        • Instruction ID: cc94c96014426b5f07b4202911f8862187274093c8eb2c618d7e72913cdc67eb
                        • Opcode Fuzzy Hash: eee5fef1a25e8f1bd1c08bb64a22ccb5b08d415bb38daf9e11b9ad9177fd8e64
                        • Instruction Fuzzy Hash: 3AF04471950308FBDB00DFE4CD89AAEBBBCFB08210F404461E500E2180E370AA489A50
                        APIs
                        • GetUserNameW.ADVAPI32(?,?), ref: 0052D28C
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: NameUser
                        • String ID: X64
                        • API String ID: 2645101109-893830106
                        • Opcode ID: a27f95fe952b17d17d07aa3edb1ae4aceb80a862a67bccf3c1bc8b1d5998a344
                        • Instruction ID: adb6eee20580f9cb829cd97ec6d223d873053fedf7fa79642104d6d7f0b9fb53
                        • Opcode Fuzzy Hash: a27f95fe952b17d17d07aa3edb1ae4aceb80a862a67bccf3c1bc8b1d5998a344
                        • Instruction Fuzzy Hash: 88D0C9B480112DEACB90CB90EC8CDEDB77CBB14305F100552F106A2040D77495499F20
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                        • Instruction ID: 95cc54e593c401354c238cbdc1845e7c5f5682ab7f71abf65541ce9b1caa3746
                        • Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                        • Instruction Fuzzy Hash: CC022C71E0021D9BDF14CFA9C9806AEFBF1EF88314F25816AD919E7380D735AA41CB94
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID:
                        • String ID: Variable is not of type 'Object'.$p#Z
                        • API String ID: 0-3664580551
                        • Opcode ID: eb166e4011613b0af89e2817ce2aff7092277e16117c54a27cabe63694376a21
                        • Instruction ID: 438e82391fcae112ccf0df991822d9ebf772ef686eddb808b0c54ce9a577f63c
                        • Opcode Fuzzy Hash: eb166e4011613b0af89e2817ce2aff7092277e16117c54a27cabe63694376a21
                        • Instruction Fuzzy Hash: 7A326970900229DBCF14DF94D8A5AEDBBB9BF05308F10405BE806AB3D2D779AE46CB55
                        APIs
                        • FindFirstFileW.KERNEL32(?,?), ref: 00546918
                        • FindClose.KERNEL32(00000000), ref: 00546961
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: Find$CloseFileFirst
                        • String ID:
                        • API String ID: 2295610775-0
                        • Opcode ID: 9d9c79e10f48e93b373d3e657b42bd2ace63c10cc81d871421b32e0f9fe573c8
                        • Instruction ID: d6522b5f5cb87c2ad62bf1d3c1efe41d7311cef6aa32eed1bcf3fa98aa4c2dc1
                        • Opcode Fuzzy Hash: 9d9c79e10f48e93b373d3e657b42bd2ace63c10cc81d871421b32e0f9fe573c8
                        • Instruction Fuzzy Hash: 911190356042019FC710DF2AD494A66BBE5FF85328F14C69EE8A98F7A2C774EC05CB91
                        APIs
                        • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00554891,?,?,00000035,?), ref: 005437E4
                        • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00554891,?,?,00000035,?), ref: 005437F4
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: ErrorFormatLastMessage
                        • String ID:
                        • API String ID: 3479602957-0
                        • Opcode ID: b46a85aa9b7b90136d3542c71d6834d6259c5ef58464e2bead672663988f1d37
                        • Instruction ID: 4b9e872130f3fb8fba9d372d24b3705eaaa9ae944f5fb54659bf930fa77b3cc2
                        • Opcode Fuzzy Hash: b46a85aa9b7b90136d3542c71d6834d6259c5ef58464e2bead672663988f1d37
                        • Instruction Fuzzy Hash: 1CF0E5B07052292AE760576A8C4DFEB3EAEEFC4765F000166F509D3291DAA09E48C6B0
                        APIs
                        • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0053B25D
                        • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 0053B270
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: InputSendkeybd_event
                        • String ID:
                        • API String ID: 3536248340-0
                        • Opcode ID: 93e72e3ab6d7af288af5d3f5eaa79ff4cd44c148029f41388d65824a4175810f
                        • Instruction ID: 4a46c878c603fed51dbc302301bd71f0019660a05a66403c29204daeeb8fa026
                        • Opcode Fuzzy Hash: 93e72e3ab6d7af288af5d3f5eaa79ff4cd44c148029f41388d65824a4175810f
                        • Instruction Fuzzy Hash: 3AF01D7580428DABEB059FA5C806BBE7FB4FF14309F00840AF965A6192C7B986159F94
                        APIs
                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,005311FC), ref: 005310D4
                        • CloseHandle.KERNEL32(?,?,005311FC), ref: 005310E9
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: AdjustCloseHandlePrivilegesToken
                        • String ID:
                        • API String ID: 81990902-0
                        • Opcode ID: 286ce98597d7dd38c3ac7d06eefd1fc855321f09104e5d8d4638a30a01e03552
                        • Instruction ID: 21f56fadc954c86f30c329ed7d663e75a07ebfc00732710281d2b6bb2ddb7ba6
                        • Opcode Fuzzy Hash: 286ce98597d7dd38c3ac7d06eefd1fc855321f09104e5d8d4638a30a01e03552
                        • Instruction Fuzzy Hash: 8AE04831004640AFE7251B16FC09E777BA9EB04311F10882EF49581471DB626C94DB14
                        APIs
                        • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00506766,?,?,00000008,?,?,0050FEFE,00000000), ref: 00506998
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: ExceptionRaise
                        • String ID:
                        • API String ID: 3997070919-0
                        • Opcode ID: c2407a1ffd9363e47d1d8fa854a924a60e605b609d9282720f912c539a567a44
                        • Instruction ID: d201ee99cfc9d91bc08e55b4f4674f74e3b8428d59e73baeb7603709e203b6e0
                        • Opcode Fuzzy Hash: c2407a1ffd9363e47d1d8fa854a924a60e605b609d9282720f912c539a567a44
                        • Instruction Fuzzy Hash: 8AB1F6356106099FD719CF28C48AB697FE0FF45364F298658E899CF2E2C735E9A1CB40
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID: 0-3916222277
                        • Opcode ID: a08deb5782dd9c8a06ab82de66ba2833fc9164a654ef8d1d0247b6df8bb1dc7a
                        • Instruction ID: 366cac9788e8927af3949ca12441dd7453cf3fa253359eaa44b5c962202fcd42
                        • Opcode Fuzzy Hash: a08deb5782dd9c8a06ab82de66ba2833fc9164a654ef8d1d0247b6df8bb1dc7a
                        • Instruction Fuzzy Hash: F0127F719002299BDB14CF99D8816FEBBF5FF48310F14819AE849EB295DB349E81CF94
                        APIs
                        • BlockInput.USER32(00000001), ref: 0054EABD
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: BlockInput
                        • String ID:
                        • API String ID: 3456056419-0
                        • Opcode ID: 91d59f81ba23c557188edbcf87448340573c7da86293f4497941b67f20406777
                        • Instruction ID: 1c48a7dae8a3a7712c8cae53681ffddaca3a85434f587d377610a7b033a57749
                        • Opcode Fuzzy Hash: 91d59f81ba23c557188edbcf87448340573c7da86293f4497941b67f20406777
                        • Instruction Fuzzy Hash: 0EE012312002059FC710DF5AD459D9ABBD9FF58764F00841BFD45C7351D674A8448B94
                        APIs
                        • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,004F03EE), ref: 004F09DA
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: ExceptionFilterUnhandled
                        • String ID:
                        • API String ID: 3192549508-0
                        • Opcode ID: a7186bb650f90e443bba857d933b00ce23071b22bc2e5294147714f5fd743d10
                        • Instruction ID: 4589ac3f99f3d260fdd47597c1ce3890b1bcdc874fb29def4328d9c6cfe4c9d1
                        • Opcode Fuzzy Hash: a7186bb650f90e443bba857d933b00ce23071b22bc2e5294147714f5fd743d10
                        • Instruction Fuzzy Hash:
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID:
                        • String ID: 0
                        • API String ID: 0-4108050209
                        • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                        • Instruction ID: b7b444f417c4836808a38599151d17517c70f1db3aa2519d1a28e7863037884a
                        • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                        • Instruction Fuzzy Hash: D4516BA160C60D57EB386669889DBBF27959B12384F18090FDB82CB382C65DDE07D35E
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID:
                        • String ID: 0&Z
                        • API String ID: 0-2471102284
                        • Opcode ID: 7354902bf401625609775c064fd9d7c176b36287555919355af5100f180ec72f
                        • Instruction ID: b3fb21caf07519a994d64d15bca3d18673090117ac1deb6a86818768ca7d72c2
                        • Opcode Fuzzy Hash: 7354902bf401625609775c064fd9d7c176b36287555919355af5100f180ec72f
                        • Instruction Fuzzy Hash: 5421E7322216118BD728CF79C8276BE77E5B764314F14862EE4A7C37D0DE39A904DB80
                        APIs
                        • DeleteObject.GDI32(00000000), ref: 00552B30
                        • DeleteObject.GDI32(00000000), ref: 00552B43
                        • DestroyWindow.USER32 ref: 00552B52
                        • GetDesktopWindow.USER32 ref: 00552B6D
                        • GetWindowRect.USER32(00000000), ref: 00552B74
                        • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00552CA3
                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00552CB1
                        • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00552CF8
                        • GetClientRect.USER32(00000000,?), ref: 00552D04
                        • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00552D40
                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00552D62
                        • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00552D75
                        • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00552D80
                        • GlobalLock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00552D89
                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00552D98
                        • GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00552DA1
                        • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00552DA8
                        • GlobalFree.KERNEL32(00000000), ref: 00552DB3
                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00552DC5
                        • OleLoadPicture.OLEAUT32(?,00000000,00000000,0056FC38,00000000), ref: 00552DDB
                        • GlobalFree.KERNEL32(00000000), ref: 00552DEB
                        • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00552E11
                        • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00552E30
                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00552E52
                        • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0055303F
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                        • String ID: $AutoIt v3$DISPLAY$static
                        • API String ID: 2211948467-2373415609
                        • Opcode ID: 366a5e01d4285a514aad8a5b469efb5fec7fa295c64ab95b5088a5c490b33df8
                        • Instruction ID: ae57583a9aaaac90407fc7c88f6b2d426f93071e214671dd83495139d4d0cedd
                        • Opcode Fuzzy Hash: 366a5e01d4285a514aad8a5b469efb5fec7fa295c64ab95b5088a5c490b33df8
                        • Instruction Fuzzy Hash: FA029A71900205AFDB14DF68DC99EAE7FB9FF49315F00850AF915AB2A1CB74AD08CB64
                        APIs
                        • SetTextColor.GDI32(?,00000000), ref: 0056712F
                        • GetSysColorBrush.USER32(0000000F), ref: 00567160
                        • GetSysColor.USER32(0000000F), ref: 0056716C
                        • SetBkColor.GDI32(?,000000FF), ref: 00567186
                        • SelectObject.GDI32(?,?), ref: 00567195
                        • InflateRect.USER32(?,000000FF,000000FF), ref: 005671C0
                        • GetSysColor.USER32(00000010), ref: 005671C8
                        • CreateSolidBrush.GDI32(00000000), ref: 005671CF
                        • FrameRect.USER32(?,?,00000000), ref: 005671DE
                        • DeleteObject.GDI32(00000000), ref: 005671E5
                        • InflateRect.USER32(?,000000FE,000000FE), ref: 00567230
                        • FillRect.USER32(?,?,?), ref: 00567262
                        • GetWindowLongW.USER32(?,000000F0), ref: 00567284
                          • Part of subcall function 005673E8: GetSysColor.USER32(00000012), ref: 00567421
                          • Part of subcall function 005673E8: SetTextColor.GDI32(?,?), ref: 00567425
                          • Part of subcall function 005673E8: GetSysColorBrush.USER32(0000000F), ref: 0056743B
                          • Part of subcall function 005673E8: GetSysColor.USER32(0000000F), ref: 00567446
                          • Part of subcall function 005673E8: GetSysColor.USER32(00000011), ref: 00567463
                          • Part of subcall function 005673E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00567471
                          • Part of subcall function 005673E8: SelectObject.GDI32(?,00000000), ref: 00567482
                          • Part of subcall function 005673E8: SetBkColor.GDI32(?,00000000), ref: 0056748B
                          • Part of subcall function 005673E8: SelectObject.GDI32(?,?), ref: 00567498
                          • Part of subcall function 005673E8: InflateRect.USER32(?,000000FF,000000FF), ref: 005674B7
                          • Part of subcall function 005673E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 005674CE
                          • Part of subcall function 005673E8: GetWindowLongW.USER32(00000000,000000F0), ref: 005674DB
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                        • String ID:
                        • API String ID: 4124339563-0
                        • Opcode ID: 866e078c44d22cc6e901139dcde62a4f2c5fcaff5b59efe46c2061b76740305f
                        • Instruction ID: 44df500b24bfd6d602050fc6a41ade18b662216eac5e0654a603c7da8f06d174
                        • Opcode Fuzzy Hash: 866e078c44d22cc6e901139dcde62a4f2c5fcaff5b59efe46c2061b76740305f
                        • Instruction Fuzzy Hash: 85A1C172008305AFDB109F68DC48E6B7FA9FF59324F100A1AF9A2971E0D7B4E948DB51
                        APIs
                        • DestroyWindow.USER32(?,?), ref: 004E8E14
                        • SendMessageW.USER32(?,00001308,?,00000000), ref: 00526AC5
                        • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00526AFE
                        • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00526F43
                          • Part of subcall function 004E8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,004E8BE8,?,00000000,?,?,?,?,004E8BBA,00000000,?), ref: 004E8FC5
                        • SendMessageW.USER32(?,00001053), ref: 00526F7F
                        • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00526F96
                        • ImageList_Destroy.COMCTL32(00000000,?), ref: 00526FAC
                        • ImageList_Destroy.COMCTL32(00000000,?), ref: 00526FB7
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                        • String ID: 0
                        • API String ID: 2760611726-4108050209
                        • Opcode ID: 1e0116826c3a53db8a56a1275dd694c5956f6b941d033f75ee067607fb77b628
                        • Instruction ID: 646bccd4a12c01b75b31edb91ca25f5436302c76b86246da82421a8d72d725c6
                        • Opcode Fuzzy Hash: 1e0116826c3a53db8a56a1275dd694c5956f6b941d033f75ee067607fb77b628
                        • Instruction Fuzzy Hash: 2F12DE30200661DFCB25CF18E844BAABBE5FF56301F14456EE489CB2A1CB35EC56EB95
                        APIs
                        • DestroyWindow.USER32(00000000), ref: 0055273E
                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0055286A
                        • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 005528A9
                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 005528B9
                        • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00552900
                        • GetClientRect.USER32(00000000,?), ref: 0055290C
                        • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00552955
                        • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00552964
                        • GetStockObject.GDI32(00000011), ref: 00552974
                        • SelectObject.GDI32(00000000,00000000), ref: 00552978
                        • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00552988
                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00552991
                        • DeleteDC.GDI32(00000000), ref: 0055299A
                        • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 005529C6
                        • SendMessageW.USER32(00000030,00000000,00000001), ref: 005529DD
                        • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00552A1D
                        • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00552A31
                        • SendMessageW.USER32(00000404,00000001,00000000), ref: 00552A42
                        • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00552A77
                        • GetStockObject.GDI32(00000011), ref: 00552A82
                        • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00552A8D
                        • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00552A97
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                        • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                        • API String ID: 2910397461-517079104
                        • Opcode ID: 04a3f5b7d0d07bf8cbd067877b0fcb55f215f714992f61970f06f5440de3be34
                        • Instruction ID: 44824a67a8fd73a5b3175782799f4a4c0a176b26efe27feca457c08f16659ffc
                        • Opcode Fuzzy Hash: 04a3f5b7d0d07bf8cbd067877b0fcb55f215f714992f61970f06f5440de3be34
                        • Instruction Fuzzy Hash: F3B19B71A00215AFEB10DFA8CC59FAE7BA9FB09714F00851AF914E7290D7B4AD04CBA4
                        APIs
                        • SetErrorMode.KERNEL32(00000001), ref: 00544AED
                        • GetDriveTypeW.KERNEL32(?,0056CB68,?,\\.\,0056CC08), ref: 00544BCA
                        • SetErrorMode.KERNEL32(00000000,0056CB68,?,\\.\,0056CC08), ref: 00544D36
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: ErrorMode$DriveType
                        • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                        • API String ID: 2907320926-4222207086
                        • Opcode ID: cc770657f1ab1859cd8ed65a61f4dc5442d103c0b724c5e531f93bb8b178fd1e
                        • Instruction ID: ab47b1fa7bd81d58be9bd254dc8433f81264c2372076459d3156ab67e0b70622
                        • Opcode Fuzzy Hash: cc770657f1ab1859cd8ed65a61f4dc5442d103c0b724c5e531f93bb8b178fd1e
                        • Instruction Fuzzy Hash: 4661AF306852069BCF04DF24CAD2AE87FB0FB4474DB28881AF806AB695DB35ED45DF41
                        APIs
                        • GetSysColor.USER32(00000012), ref: 00567421
                        • SetTextColor.GDI32(?,?), ref: 00567425
                        • GetSysColorBrush.USER32(0000000F), ref: 0056743B
                        • GetSysColor.USER32(0000000F), ref: 00567446
                        • CreateSolidBrush.GDI32(?), ref: 0056744B
                        • GetSysColor.USER32(00000011), ref: 00567463
                        • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00567471
                        • SelectObject.GDI32(?,00000000), ref: 00567482
                        • SetBkColor.GDI32(?,00000000), ref: 0056748B
                        • SelectObject.GDI32(?,?), ref: 00567498
                        • InflateRect.USER32(?,000000FF,000000FF), ref: 005674B7
                        • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 005674CE
                        • GetWindowLongW.USER32(00000000,000000F0), ref: 005674DB
                        • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0056752A
                        • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00567554
                        • InflateRect.USER32(?,000000FD,000000FD), ref: 00567572
                        • DrawFocusRect.USER32(?,?), ref: 0056757D
                        • GetSysColor.USER32(00000011), ref: 0056758E
                        • SetTextColor.GDI32(?,00000000), ref: 00567596
                        • DrawTextW.USER32(?,005670F5,000000FF,?,00000000), ref: 005675A8
                        • SelectObject.GDI32(?,?), ref: 005675BF
                        • DeleteObject.GDI32(?), ref: 005675CA
                        • SelectObject.GDI32(?,?), ref: 005675D0
                        • DeleteObject.GDI32(?), ref: 005675D5
                        • SetTextColor.GDI32(?,?), ref: 005675DB
                        • SetBkColor.GDI32(?,?), ref: 005675E5
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                        • String ID:
                        • API String ID: 1996641542-0
                        • Opcode ID: cf0613f9d43482042abc23c484f0d80bc7e86f7261d856629d3426ed0bdadd5a
                        • Instruction ID: ac92e4ce60f554f59cfc0b4e0eef5c656ca9a0e975b01d030e372edeb2de4de7
                        • Opcode Fuzzy Hash: cf0613f9d43482042abc23c484f0d80bc7e86f7261d856629d3426ed0bdadd5a
                        • Instruction Fuzzy Hash: 3B617D72900218AFDF119FA8DC49EAE7FB9FF19321F104125F916AB2A1D7B49940DF90
                        APIs
                        • GetCursorPos.USER32(?), ref: 00561128
                        • GetDesktopWindow.USER32 ref: 0056113D
                        • GetWindowRect.USER32(00000000), ref: 00561144
                        • GetWindowLongW.USER32(?,000000F0), ref: 00561199
                        • DestroyWindow.USER32(?), ref: 005611B9
                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 005611ED
                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0056120B
                        • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0056121D
                        • SendMessageW.USER32(00000000,00000421,?,?), ref: 00561232
                        • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00561245
                        • IsWindowVisible.USER32(00000000), ref: 005612A1
                        • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 005612BC
                        • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 005612D0
                        • GetWindowRect.USER32(00000000,?), ref: 005612E8
                        • MonitorFromPoint.USER32(?,?,00000002), ref: 0056130E
                        • GetMonitorInfoW.USER32(00000000,?), ref: 00561328
                        • CopyRect.USER32(?,?), ref: 0056133F
                        • SendMessageW.USER32(00000000,00000412,00000000), ref: 005613AA
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                        • String ID: ($0$tooltips_class32
                        • API String ID: 698492251-4156429822
                        • Opcode ID: 596afe9f13ebfd2ea20483a1e5698e86c44a7e3d76b5e1d8b517cd42333c861e
                        • Instruction ID: 225b76a0a8af55ea050c37bead85ac5db7909613e897ebd9c808db25880c8be7
                        • Opcode Fuzzy Hash: 596afe9f13ebfd2ea20483a1e5698e86c44a7e3d76b5e1d8b517cd42333c861e
                        • Instruction Fuzzy Hash: 85B19E71604741AFD700DF69C884B6ABFE4FF84354F04891DF99A9B261CB71E844CB9A
                        APIs
                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 004E8968
                        • GetSystemMetrics.USER32(00000007), ref: 004E8970
                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 004E899B
                        • GetSystemMetrics.USER32(00000008), ref: 004E89A3
                        • GetSystemMetrics.USER32(00000004), ref: 004E89C8
                        • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 004E89E5
                        • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 004E89F5
                        • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 004E8A28
                        • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 004E8A3C
                        • GetClientRect.USER32(00000000,000000FF), ref: 004E8A5A
                        • GetStockObject.GDI32(00000011), ref: 004E8A76
                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 004E8A81
                          • Part of subcall function 004E912D: GetCursorPos.USER32(?), ref: 004E9141
                          • Part of subcall function 004E912D: ScreenToClient.USER32(00000000,?), ref: 004E915E
                          • Part of subcall function 004E912D: GetAsyncKeyState.USER32(00000001), ref: 004E9183
                          • Part of subcall function 004E912D: GetAsyncKeyState.USER32(00000002), ref: 004E919D
                        • SetTimer.USER32(00000000,00000000,00000028,004E90FC), ref: 004E8AA8
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                        • String ID: AutoIt v3 GUI
                        • API String ID: 1458621304-248962490
                        • Opcode ID: 5b469e3e938e1c466dbfd2b37e591679fcec94a1af2b5ff5c740452f1682bf24
                        • Instruction ID: 098ab86c41cd1b68273653189bcfa53f977c32f036703f610a68f0b3cc35ec46
                        • Opcode Fuzzy Hash: 5b469e3e938e1c466dbfd2b37e591679fcec94a1af2b5ff5c740452f1682bf24
                        • Instruction Fuzzy Hash: 27B1AB71A0020A9FDF14DFA8DC45BAE3BB4FB58315F10422AFA06A72D0CB74E845CB59
                        APIs
                          • Part of subcall function 005310F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00531114
                          • Part of subcall function 005310F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00530B9B,?,?,?), ref: 00531120
                          • Part of subcall function 005310F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00530B9B,?,?,?), ref: 0053112F
                          • Part of subcall function 005310F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00530B9B,?,?,?), ref: 00531136
                          • Part of subcall function 005310F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0053114D
                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00530DF5
                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00530E29
                        • GetLengthSid.ADVAPI32(?), ref: 00530E40
                        • GetAce.ADVAPI32(?,00000000,?), ref: 00530E7A
                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00530E96
                        • GetLengthSid.ADVAPI32(?), ref: 00530EAD
                        • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00530EB5
                        • HeapAlloc.KERNEL32(00000000), ref: 00530EBC
                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00530EDD
                        • CopySid.ADVAPI32(00000000), ref: 00530EE4
                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00530F13
                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00530F35
                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00530F47
                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00530F6E
                        • HeapFree.KERNEL32(00000000), ref: 00530F75
                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00530F7E
                        • HeapFree.KERNEL32(00000000), ref: 00530F85
                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00530F8E
                        • HeapFree.KERNEL32(00000000), ref: 00530F95
                        • GetProcessHeap.KERNEL32(00000000,?), ref: 00530FA1
                        • HeapFree.KERNEL32(00000000), ref: 00530FA8
                          • Part of subcall function 00531193: GetProcessHeap.KERNEL32(00000008,00530BB1,?,00000000,?,00530BB1,?), ref: 005311A1
                          • Part of subcall function 00531193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00530BB1,?), ref: 005311A8
                          • Part of subcall function 00531193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00530BB1,?), ref: 005311B7
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                        • String ID:
                        • API String ID: 4175595110-0
                        • Opcode ID: ee47d95cc73a8488cac7a0091f0aa0a7344c6fef7d15fd9a100d5dbe68dff55f
                        • Instruction ID: f8abd5ff2c96efb8719ff5a63db970fac1af21583a5bbcf64e714f5e72d8cd90
                        • Opcode Fuzzy Hash: ee47d95cc73a8488cac7a0091f0aa0a7344c6fef7d15fd9a100d5dbe68dff55f
                        • Instruction Fuzzy Hash: F871587290030AEBDF209FA8DC48BAEBFB8BF15310F148215F959E7191D7719A09DB60
                        APIs
                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0055C4BD
                        • RegCreateKeyExW.ADVAPI32(?,?,00000000,0056CC08,00000000,?,00000000,?,?), ref: 0055C544
                        • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0055C5A4
                        • _wcslen.LIBCMT ref: 0055C5F4
                        • _wcslen.LIBCMT ref: 0055C66F
                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0055C6B2
                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0055C7C1
                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0055C84D
                        • RegCloseKey.ADVAPI32(?), ref: 0055C881
                        • RegCloseKey.ADVAPI32(00000000), ref: 0055C88E
                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0055C960
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                        • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                        • API String ID: 9721498-966354055
                        • Opcode ID: b971dc0b7e0f741df2e65d1fbb7441f7887955863728ac542cef0b92cf59a8c8
                        • Instruction ID: 28c7bd6ad6949684eddd9e80ce19aace6dc100f2182cfcb6627727a460bb9cd7
                        • Opcode Fuzzy Hash: b971dc0b7e0f741df2e65d1fbb7441f7887955863728ac542cef0b92cf59a8c8
                        • Instruction Fuzzy Hash: 01127B316043019FC714DF15C8A1A2ABBE5FF88719F04885EF88A9B7A2DB35ED45CB85
                        APIs
                        • CharUpperBuffW.USER32(?,?), ref: 005609C6
                        • _wcslen.LIBCMT ref: 00560A01
                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00560A54
                        • _wcslen.LIBCMT ref: 00560A8A
                        • _wcslen.LIBCMT ref: 00560B06
                        • _wcslen.LIBCMT ref: 00560B81
                          • Part of subcall function 004EF9F2: _wcslen.LIBCMT ref: 004EF9FD
                          • Part of subcall function 00532BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00532BFA
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: _wcslen$MessageSend$BuffCharUpper
                        • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                        • API String ID: 1103490817-4258414348
                        • Opcode ID: 0c1bd99d7c2de84cf0a39dfeacd0d34dfb856452b1316577f31620b5ad3109ea
                        • Instruction ID: 65d8fc805a72010ef546289267686d6aa7d89ca77dc1b753f9fa24549b662a13
                        • Opcode Fuzzy Hash: 0c1bd99d7c2de84cf0a39dfeacd0d34dfb856452b1316577f31620b5ad3109ea
                        • Instruction Fuzzy Hash: A6E17D312087019FCB14DF25C46092BBBE2BF98358F54895EF8969B3A2DB35ED45CB81
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: _wcslen$BuffCharUpper
                        • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                        • API String ID: 1256254125-909552448
                        • Opcode ID: 9e5bf62636d6a50e7339fc6fc024e2c2306fa4f1e1116c88db0985f57ba4175e
                        • Instruction ID: 3c10b671d5e5846bc35ccd4ed4d660ea201fe2a24a010e6f8a5d21e21844e05a
                        • Opcode Fuzzy Hash: 9e5bf62636d6a50e7339fc6fc024e2c2306fa4f1e1116c88db0985f57ba4175e
                        • Instruction Fuzzy Hash: B571153261022A8FCF10DE79C8615BB3F91BBA4766B14052BFC6697284E634CD48C3A0
                        APIs
                        • _wcslen.LIBCMT ref: 0056835A
                        • _wcslen.LIBCMT ref: 0056836E
                        • _wcslen.LIBCMT ref: 00568391
                        • _wcslen.LIBCMT ref: 005683B4
                        • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 005683F2
                        • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,0056361A,?), ref: 0056844E
                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00568487
                        • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 005684CA
                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00568501
                        • FreeLibrary.KERNEL32(?), ref: 0056850D
                        • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0056851D
                        • DestroyIcon.USER32(?), ref: 0056852C
                        • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00568549
                        • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00568555
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                        • String ID: .dll$.exe$.icl
                        • API String ID: 799131459-1154884017
                        • Opcode ID: 51b505313fe049c89e38d6ba094bdcff382175520ad1a1c70b7443a7da32ade5
                        • Instruction ID: a4e403dfe4a803d2cf51cb4f17f0db696747bbf7814162bc0e0e10a511efb279
                        • Opcode Fuzzy Hash: 51b505313fe049c89e38d6ba094bdcff382175520ad1a1c70b7443a7da32ade5
                        • Instruction Fuzzy Hash: 0D61F271600209BAEB14DF64CC81BBF7BA8FB18715F10460AF916D71D1EFB4AA40D7A0
                        Strings
                        Similarity
                        • API ID:
                        • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                        • API String ID: 0-1645009161
                        • Opcode ID: 96d1a89e74aa679a38caf2c83f93f117b1004aca02fde91d362690c80bc88bf6
                        • Instruction ID: 36178625b942d3cf41d424dc242c0f55bb1a99a260d890da131b7880a879adda
                        • Opcode Fuzzy Hash: 96d1a89e74aa679a38caf2c83f93f117b1004aca02fde91d362690c80bc88bf6
                        • Instruction Fuzzy Hash: A981F771644205BBEB21AF61DC52FBE3BA4BF54304F04442BF905AB292FB78D941C7A9
                        APIs
                        • CharLowerBuffW.USER32(?,?), ref: 00543EF8
                        • _wcslen.LIBCMT ref: 00543F03
                        • _wcslen.LIBCMT ref: 00543F5A
                        • _wcslen.LIBCMT ref: 00543F98
                        • GetDriveTypeW.KERNEL32(?), ref: 00543FD6
                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0054401E
                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00544059
                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00544087
                        Strings
                        Similarity
                        • API ID: SendString_wcslen$BuffCharDriveLowerType
                        • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                        • API String ID: 1839972693-4113822522
                        • Opcode ID: 78549378a25b52e1e252fb299175358309e2ee4c06e654e55acd65b871e71346
                        • Instruction ID: 1b1e1e8c1687582171cd2ac24d62a4e8a4ec5078c785847463a179ad55476c1d
                        • Opcode Fuzzy Hash: 78549378a25b52e1e252fb299175358309e2ee4c06e654e55acd65b871e71346
                        • Instruction Fuzzy Hash: 4471F271604202AFC710EF25C8919AABBF4FF9475CF10492EF89597261EB34ED49CB91
                        APIs
                        • LoadIconW.USER32(00000063), ref: 00535A2E
                        • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00535A40
                        • SetWindowTextW.USER32(?,?), ref: 00535A57
                        • GetDlgItem.USER32(?,000003EA), ref: 00535A6C
                        • SetWindowTextW.USER32(00000000,?), ref: 00535A72
                        • GetDlgItem.USER32(?,000003E9), ref: 00535A82
                        • SetWindowTextW.USER32(00000000,?), ref: 00535A88
                        • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00535AA9
                        • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00535AC3
                        • GetWindowRect.USER32(?,?), ref: 00535ACC
                        • _wcslen.LIBCMT ref: 00535B33
                        • SetWindowTextW.USER32(?,?), ref: 00535B6F
                        • GetDesktopWindow.USER32 ref: 00535B75
                        • GetWindowRect.USER32(00000000), ref: 00535B7C
                        • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00535BD3
                        • GetClientRect.USER32(?,?), ref: 00535BE0
                        • PostMessageW.USER32(?,00000005,00000000,?), ref: 00535C05
                        • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00535C2F
                        Similarity
                        • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                        • String ID:
                        • API String ID: 895679908-0
                        • Opcode ID: b030ea1fcfd849e520ab0a51101fc2f6a3472ad8e0504b38e05e79b817e78a14
                        • Instruction ID: 5116d2f950856e33889a812c2f8b735f841b3f68e9f3d5a2ac6dc147d1dc880d
                        • Opcode Fuzzy Hash: b030ea1fcfd849e520ab0a51101fc2f6a3472ad8e0504b38e05e79b817e78a14
                        • Instruction Fuzzy Hash: 01718D31900B09AFDB20DFA8CE85AAEBFF5FF48705F105918E582A35A0E775E944DB10
                        APIs
                        • LoadCursorW.USER32(00000000,00007F89), ref: 0054FE27
                        • LoadCursorW.USER32(00000000,00007F8A), ref: 0054FE32
                        • LoadCursorW.USER32(00000000,00007F00), ref: 0054FE3D
                        • LoadCursorW.USER32(00000000,00007F03), ref: 0054FE48
                        • LoadCursorW.USER32(00000000,00007F8B), ref: 0054FE53
                        • LoadCursorW.USER32(00000000,00007F01), ref: 0054FE5E
                        • LoadCursorW.USER32(00000000,00007F81), ref: 0054FE69
                        • LoadCursorW.USER32(00000000,00007F88), ref: 0054FE74
                        • LoadCursorW.USER32(00000000,00007F80), ref: 0054FE7F
                        • LoadCursorW.USER32(00000000,00007F86), ref: 0054FE8A
                        • LoadCursorW.USER32(00000000,00007F83), ref: 0054FE95
                        • LoadCursorW.USER32(00000000,00007F85), ref: 0054FEA0
                        • LoadCursorW.USER32(00000000,00007F82), ref: 0054FEAB
                        • LoadCursorW.USER32(00000000,00007F84), ref: 0054FEB6
                        • LoadCursorW.USER32(00000000,00007F04), ref: 0054FEC1
                        • LoadCursorW.USER32(00000000,00007F02), ref: 0054FECC
                        • GetCursorInfo.USER32(?), ref: 0054FEDC
                        • GetLastError.KERNEL32 ref: 0054FF1E
                        Similarity
                        • API ID: Cursor$Load$ErrorInfoLast
                        • String ID:
                        • API String ID: 3215588206-0
                        • Opcode ID: 470191164bd0469817c4ce7abdeda8a2a081cd6e231ec7e6022677023223e4b7
                        • Instruction ID: 16b35376fb0298d18129c0b73fea94403c4474d3155fde0da6f39a586afb7c50
                        • Opcode Fuzzy Hash: 470191164bd0469817c4ce7abdeda8a2a081cd6e231ec7e6022677023223e4b7
                        • Instruction Fuzzy Hash: 114142B0D043196BDB109FBA8C8986EBFE8FF04754B50452AE11DE7281DB78A905CF91
                        APIs
                        Strings
                        Similarity
                        • API ID: _wcslen
                        • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$[Y
                        • API String ID: 176396367-4069113390
                        • Opcode ID: 0980052b1ab97ea5ee8765e921c08ba2c0ff90450b02b842018c376606226e34
                        • Instruction ID: fd0288815124d4f05de5522be5bcb03a7ba9ba2e8743b1f689db5d4fc9fc6507
                        • Opcode Fuzzy Hash: 0980052b1ab97ea5ee8765e921c08ba2c0ff90450b02b842018c376606226e34
                        • Instruction Fuzzy Hash: ACE1E432A00516ABCF159FB8C451AFEFFB1BF44714F54852AE456E7240EB30AE89C7A0
                        APIs
                        • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 004F00C6
                          • Part of subcall function 004F00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(005A070C,00000FA0,661F99C3,?,?,?,?,005123B3,000000FF), ref: 004F011C
                          • Part of subcall function 004F00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,005123B3,000000FF), ref: 004F0127
                          • Part of subcall function 004F00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,005123B3,000000FF), ref: 004F0138
                          • Part of subcall function 004F00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 004F014E
                          • Part of subcall function 004F00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 004F015C
                          • Part of subcall function 004F00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 004F016A
                          • Part of subcall function 004F00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 004F0195
                          • Part of subcall function 004F00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 004F01A0
                        • ___scrt_fastfail.LIBCMT ref: 004F00E7
                          • Part of subcall function 004F00A3: __onexit.LIBCMT ref: 004F00A9
                        Strings
                        • InitializeConditionVariable, xrefs: 004F0148
                        • api-ms-win-core-synch-l1-2-0.dll, xrefs: 004F0122
                        • kernel32.dll, xrefs: 004F0133
                        • SleepConditionVariableCS, xrefs: 004F0154
                        • WakeAllConditionVariable, xrefs: 004F0162
                        Similarity
                        • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                        • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                        • API String ID: 66158676-1714406822
                        • Opcode ID: 8b29e929be7b9a996b684d61eb93c9fc344642926f9677cb92449ac8c0701a75
                        • Instruction ID: 7cc7cd5cccb27daa6d558a8e70b6c8a6d369ed72647842ae716d5a9f41ce2eaf
                        • Opcode Fuzzy Hash: 8b29e929be7b9a996b684d61eb93c9fc344642926f9677cb92449ac8c0701a75
                        • Instruction Fuzzy Hash: 5A212C32A443146BD7106BA9BD05B7F3BA4EB96B51F00012BF901933D2DFB868049A95
                        APIs
                        • CharLowerBuffW.USER32(00000000,00000000,0056CC08), ref: 00544527
                        • _wcslen.LIBCMT ref: 0054453B
                        • _wcslen.LIBCMT ref: 00544599
                        • _wcslen.LIBCMT ref: 005445F4
                        • _wcslen.LIBCMT ref: 0054463F
                        • _wcslen.LIBCMT ref: 005446A7
                          • Part of subcall function 004EF9F2: _wcslen.LIBCMT ref: 004EF9FD
                        • GetDriveTypeW.KERNEL32(?,00596BF0,00000061), ref: 00544743
                        Strings
                        Similarity
                        • API ID: _wcslen$BuffCharDriveLowerType
                        • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                        • API String ID: 2055661098-1000479233
                        • Opcode ID: e5abf9599b31fec404e771291b6cf6094a5ad44178da7018bd6a80636cff0143
                        • Instruction ID: 0f89ca4b3e49babed02ddb4cf65d20ab4ac2c09accc7a22deea6ce656d76d145
                        • Opcode Fuzzy Hash: e5abf9599b31fec404e771291b6cf6094a5ad44178da7018bd6a80636cff0143
                        • Instruction Fuzzy Hash: 05B12F716483029BC710DF28C890ABABBE1BFA5768F50491EF496C7291E734D845CB92
                        APIs
                          • Part of subcall function 004E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 004E9BB2
                        • DragQueryPoint.SHELL32(?,?), ref: 00569147
                          • Part of subcall function 00567674: ClientToScreen.USER32(?,?), ref: 0056769A
                          • Part of subcall function 00567674: GetWindowRect.USER32(?,?), ref: 00567710
                          • Part of subcall function 00567674: PtInRect.USER32(?,?,00568B89), ref: 00567720
                        • SendMessageW.USER32(?,000000B0,?,?), ref: 005691B0
                        • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 005691BB
                        • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 005691DE
                        • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00569225
                        • SendMessageW.USER32(?,000000B0,?,?), ref: 0056923E
                        • SendMessageW.USER32(?,000000B1,?,?), ref: 00569255
                        • SendMessageW.USER32(?,000000B1,?,?), ref: 00569277
                        • DragFinish.SHELL32(?), ref: 0056927E
                        • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00569371
                        Strings
                        Similarity
                        • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                        • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$p#Z
                        • API String ID: 221274066-4227306679
                        • Opcode ID: 427881f86818cef5652f253601036e9fd9cfb742b1cd1fc185ed0bcb6e678291
                        • Instruction ID: 1913392668968ca93c62e6a3556fbcb331574e2a9f8bac33b6896e298d0d10fa
                        • Opcode Fuzzy Hash: 427881f86818cef5652f253601036e9fd9cfb742b1cd1fc185ed0bcb6e678291
                        • Instruction Fuzzy Hash: 74618571108301AFC700EF65D895DAFBFE8FB99754F00092EF592972A0DB709A48CB56
                        APIs
                        • _wcslen.LIBCMT ref: 0055B198
                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0055B1B0
                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0055B1D4
                        • _wcslen.LIBCMT ref: 0055B200
                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0055B214
                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0055B236
                        • _wcslen.LIBCMT ref: 0055B332
                          • Part of subcall function 005405A7: GetStdHandle.KERNEL32(000000F6), ref: 005405C6
                        • _wcslen.LIBCMT ref: 0055B34B
                        • _wcslen.LIBCMT ref: 0055B366
                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0055B3B6
                        • GetLastError.KERNEL32(00000000), ref: 0055B407
                        • CloseHandle.KERNEL32(?), ref: 0055B439
                        • CloseHandle.KERNEL32(00000000), ref: 0055B44A
                        • CloseHandle.KERNEL32(00000000), ref: 0055B45C
                        • CloseHandle.KERNEL32(00000000), ref: 0055B46E
                        • CloseHandle.KERNEL32(?), ref: 0055B4E3
                        Similarity
                        • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                        • String ID:
                        • API String ID: 2178637699-0
                        • Opcode ID: 34d9da4a833616d810d6fa4017dc9cb73b5efe28c45a718df8dba71f45ced968
                        • Instruction ID: c106f699245c86151895aa41267eb879923a016d99a765aea6c892801e705920
                        • Opcode Fuzzy Hash: 34d9da4a833616d810d6fa4017dc9cb73b5efe28c45a718df8dba71f45ced968
                        • Instruction Fuzzy Hash: CCF1AF316043409FD714EF25C8A9B6EBBE1BF84314F14895EF8859B2A2DB35EC08CB52
                        APIs
                        • LoadLibraryA.KERNEL32(kernel32.dll,?,0056CC08), ref: 005540BB
                        • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 005540CD
                        • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,0056CC08), ref: 005540F2
                        • FreeLibrary.KERNEL32(00000000,?,0056CC08), ref: 0055413E
                        • StringFromGUID2.OLE32(?,?,00000028,?,0056CC08), ref: 005541A8
                        • SysFreeString.OLEAUT32(00000009), ref: 00554262
                        • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 005542C8
                        • SysFreeString.OLEAUT32(?), ref: 005542F2
                        Strings
                        Similarity
                        • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                        • String ID: GetModuleHandleExW$kernel32.dll
                        • API String ID: 354098117-199464113
                        • Opcode ID: 0fcb61f73ee16c0fa770a9b5b374178e07e3736f46b5c086f37e56127ffc9a7c
                        • Instruction ID: 9056a89be53485d7d9f2d313a57a41258cce7dbf056ab1ef20258679817e8ae2
                        • Opcode Fuzzy Hash: 0fcb61f73ee16c0fa770a9b5b374178e07e3736f46b5c086f37e56127ffc9a7c
                        • Instruction Fuzzy Hash: A2126D75A00115EFDB14CF54C898EAEBBB5FF45309F24809AE9059B261D731ED8ACFA0
                        APIs
                        • GetMenuItemCount.USER32(005A1990), ref: 00512F8D
                        • GetMenuItemCount.USER32(005A1990), ref: 0051303D
                        • GetCursorPos.USER32(?), ref: 00513081
                        • SetForegroundWindow.USER32(00000000), ref: 0051308A
                        • TrackPopupMenuEx.USER32(005A1990,00000000,?,00000000,00000000,00000000), ref: 0051309D
                        • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 005130A9
                        Strings
                        Similarity
                        • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                        • String ID: 0
                        • API String ID: 36266755-4108050209
                        • Opcode ID: 600ce41dc618cb138476566121c1f740c8cbb357e7707a921f269cb433f15fce
                        • Instruction ID: 41943c0ae3cc432fc8d643c1bb986e4579352f10212077d2063a759a9eda8970
                        • Opcode Fuzzy Hash: 600ce41dc618cb138476566121c1f740c8cbb357e7707a921f269cb433f15fce
                        • Instruction Fuzzy Hash: 2771F33064020ABAFB219F29CC59FAABF64FB15324F204247F5256A2E0C7B1AD64DB55
                        APIs
                        • DestroyWindow.USER32(00000000,?), ref: 00566DEB
                          • Part of subcall function 004D6B57: _wcslen.LIBCMT ref: 004D6B6A
                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00566E5F
                        • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00566E81
                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00566E94
                        • DestroyWindow.USER32(?), ref: 00566EB5
                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,004D0000,00000000), ref: 00566EE4
                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00566EFD
                        • GetDesktopWindow.USER32 ref: 00566F16
                        • GetWindowRect.USER32(00000000), ref: 00566F1D
                        • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00566F35
                        • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00566F4D
                          • Part of subcall function 004E9944: GetWindowLongW.USER32(?,000000EB), ref: 004E9952
                        Strings
                        Similarity
                        • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                        • String ID: 0$tooltips_class32
                        • API String ID: 2429346358-3619404913
                        APIs
                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0054C4B0
                        • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0054C4C3
                        • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0054C4D7
                        • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0054C4F0
                        • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0054C533
                        • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0054C549
                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0054C554
                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0054C584
                        • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0054C5DC
                        • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0054C5F0
                        • InternetCloseHandle.WININET(00000000), ref: 0054C5FB
                        Strings
                        Similarity
                        • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                        • String ID:
                        • API String ID: 3800310941-3916222277
                        APIs
                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 00568592
                        • GetFileSize.KERNEL32(00000000,00000000), ref: 005685A2
                        • GlobalAlloc.KERNEL32(00000002,00000000), ref: 005685AD
                        • CloseHandle.KERNEL32(00000000), ref: 005685BA
                        • GlobalLock.KERNEL32(00000000), ref: 005685C8
                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 005685D7
                        • GlobalUnlock.KERNEL32(00000000), ref: 005685E0
                        • CloseHandle.KERNEL32(00000000), ref: 005685E7
                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 005685F8
                        • OleLoadPicture.OLEAUT32(?,00000000,00000000,0056FC38,?), ref: 00568611
                        • GlobalFree.KERNEL32(00000000), ref: 00568621
                        • GetObjectW.GDI32(?,00000018,000000FF), ref: 00568641
                        • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00568671
                        • DeleteObject.GDI32(00000000), ref: 00568699
                        • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 005686AF
                        Similarity
                        • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                        • String ID:
                        • API String ID: 3840717409-0
                        APIs
                        • VariantInit.OLEAUT32(00000000), ref: 00541502
                        • VariantCopy.OLEAUT32(?,?), ref: 0054150B
                        • VariantClear.OLEAUT32(?), ref: 00541517
                        • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 005415FB
                        • VarR8FromDec.OLEAUT32(?,?), ref: 00541657
                        • VariantInit.OLEAUT32(?), ref: 00541708
                        • SysFreeString.OLEAUT32(?), ref: 0054178C
                        • VariantClear.OLEAUT32(?), ref: 005417D8
                        • VariantClear.OLEAUT32(?), ref: 005417E7
                        • VariantInit.OLEAUT32(00000000), ref: 00541823
                        Strings
                        Similarity
                        • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                        • String ID: %4d%02d%02d%02d%02d%02d$Default
                        • API String ID: 1234038744-3931177956
                        APIs
                          • Part of subcall function 004D9CB3: _wcslen.LIBCMT ref: 004D9CBD
                          • Part of subcall function 0055C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0055B6AE,?,?), ref: 0055C9B5
                          • Part of subcall function 0055C998: _wcslen.LIBCMT ref: 0055C9F1
                          • Part of subcall function 0055C998: _wcslen.LIBCMT ref: 0055CA68
                          • Part of subcall function 0055C998: _wcslen.LIBCMT ref: 0055CA9E
                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0055B6F4
                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0055B772
                        • RegDeleteValueW.ADVAPI32(?,?), ref: 0055B80A
                        • RegCloseKey.ADVAPI32(?), ref: 0055B87E
                        • RegCloseKey.ADVAPI32(?), ref: 0055B89C
                        • LoadLibraryA.KERNEL32(advapi32.dll), ref: 0055B8F2
                        • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0055B904
                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 0055B922
                        • FreeLibrary.KERNEL32(00000000), ref: 0055B983
                        • RegCloseKey.ADVAPI32(00000000), ref: 0055B994
                        Strings
                        Similarity
                        • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                        • String ID: RegDeleteKeyExW$advapi32.dll
                        • API String ID: 146587525-4033151799
                        APIs
                        • GetDC.USER32(00000000), ref: 005525D8
                        • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 005525E8
                        • CreateCompatibleDC.GDI32(?), ref: 005525F4
                        • SelectObject.GDI32(00000000,?), ref: 00552601
                        • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0055266D
                        • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 005526AC
                        • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 005526D0
                        • SelectObject.GDI32(?,?), ref: 005526D8
                        • DeleteObject.GDI32(?), ref: 005526E1
                        • DeleteDC.GDI32(?), ref: 005526E8
                        • ReleaseDC.USER32(00000000,?), ref: 005526F3
                        Strings
                        Similarity
                        • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                        • String ID: (
                        • API String ID: 2598888154-3887548279
                        APIs
                        • ___free_lconv_mon.LIBCMT ref: 0050DAA1
                          • Part of subcall function 0050D63C: _free.LIBCMT ref: 0050D659
                          • Part of subcall function 0050D63C: _free.LIBCMT ref: 0050D66B
                          • Part of subcall function 0050D63C: _free.LIBCMT ref: 0050D67D
                          • Part of subcall function 0050D63C: _free.LIBCMT ref: 0050D68F
                          • Part of subcall function 0050D63C: _free.LIBCMT ref: 0050D6A1
                          • Part of subcall function 0050D63C: _free.LIBCMT ref: 0050D6B3
                          • Part of subcall function 0050D63C: _free.LIBCMT ref: 0050D6C5
                          • Part of subcall function 0050D63C: _free.LIBCMT ref: 0050D6D7
                          • Part of subcall function 0050D63C: _free.LIBCMT ref: 0050D6E9
                          • Part of subcall function 0050D63C: _free.LIBCMT ref: 0050D6FB
                          • Part of subcall function 0050D63C: _free.LIBCMT ref: 0050D70D
                          • Part of subcall function 0050D63C: _free.LIBCMT ref: 0050D71F
                          • Part of subcall function 0050D63C: _free.LIBCMT ref: 0050D731
                        • _free.LIBCMT ref: 0050DA96
                          • Part of subcall function 005029C8: HeapFree.KERNEL32(00000000,00000000,?,0050D7D1,00000000,00000000,00000000,00000000,?,0050D7F8,00000000,00000007,00000000,?,0050DBF5,00000000), ref: 005029DE
                          • Part of subcall function 005029C8: GetLastError.KERNEL32(00000000,?,0050D7D1,00000000,00000000,00000000,00000000,?,0050D7F8,00000000,00000007,00000000,?,0050DBF5,00000000,00000000), ref: 005029F0
                        • _free.LIBCMT ref: 0050DAB8
                        • _free.LIBCMT ref: 0050DACD
                        • _free.LIBCMT ref: 0050DAD8
                        • _free.LIBCMT ref: 0050DAFA
                        • _free.LIBCMT ref: 0050DB0D
                        • _free.LIBCMT ref: 0050DB1B
                        • _free.LIBCMT ref: 0050DB26
                        • _free.LIBCMT ref: 0050DB5E
                        • _free.LIBCMT ref: 0050DB65
                        • _free.LIBCMT ref: 0050DB82
                        • _free.LIBCMT ref: 0050DB9A
                        Similarity
                        • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                        • String ID:
                        • API String ID: 161543041-0
                        APIs
                        • GetClassNameW.USER32(?,?,00000100), ref: 0053369C
                        • _wcslen.LIBCMT ref: 005336A7
                        • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00533797
                        • GetClassNameW.USER32(?,?,00000400), ref: 0053380C
                        • GetDlgCtrlID.USER32(?), ref: 0053385D
                        • GetWindowRect.USER32(?,?), ref: 00533882
                        • GetParent.USER32(?), ref: 005338A0
                        • ScreenToClient.USER32(00000000), ref: 005338A7
                        • GetClassNameW.USER32(?,?,00000100), ref: 00533921
                        • GetWindowTextW.USER32(?,?,00000400), ref: 0053395D
                        Strings
                        Similarity
                        • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                        • String ID: %s%u
                        • API String ID: 4010501982-679674701
                        APIs
                        • GetClassNameW.USER32(?,?,00000400), ref: 00534994
                        • GetWindowTextW.USER32(?,?,00000400), ref: 005349DA
                        • _wcslen.LIBCMT ref: 005349EB
                        • CharUpperBuffW.USER32(?,00000000), ref: 005349F7
                        • _wcsstr.LIBVCRUNTIME ref: 00534A2C
                        • GetClassNameW.USER32(00000018,?,00000400), ref: 00534A64
                        • GetWindowTextW.USER32(?,?,00000400), ref: 00534A9D
                        • GetClassNameW.USER32(00000018,?,00000400), ref: 00534AE6
                        • GetClassNameW.USER32(?,?,00000400), ref: 00534B20
                        • GetWindowRect.USER32(?,?), ref: 00534B8B
                        Strings
                        Similarity
                        • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                        • String ID: ThumbnailClass
                        • API String ID: 1311036022-1241985126
                        APIs
                        • GetMenuItemInfoW.USER32(005A1990,000000FF,00000000,00000030), ref: 0053BFAC
                        • SetMenuItemInfoW.USER32(005A1990,00000004,00000000,00000030), ref: 0053BFE1
                        • Sleep.KERNEL32(000001F4), ref: 0053BFF3
                        • GetMenuItemCount.USER32(?), ref: 0053C039
                        • GetMenuItemID.USER32(?,00000000), ref: 0053C056
                        • GetMenuItemID.USER32(?,-00000001), ref: 0053C082
                        • GetMenuItemID.USER32(?,?), ref: 0053C0C9
                        • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0053C10F
                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0053C124
                        • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0053C145
                        Strings
                        Similarity
                        • API ID: ItemMenu$Info$CheckCountRadioSleep
                        • String ID: 0
                        • API String ID: 1460738036-4108050209
                        APIs
                        • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0055CC64
                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0055CC8D
                        • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0055CD48
                          • Part of subcall function 0055CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0055CCAA
                          • Part of subcall function 0055CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0055CCBD
                          • Part of subcall function 0055CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0055CCCF
                          • Part of subcall function 0055CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0055CD05
                          • Part of subcall function 0055CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0055CD28
                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 0055CCF3
                        Strings
                        Similarity
                        • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                        • String ID: RegDeleteKeyExW$advapi32.dll
                        • API String ID: 2734957052-4033151799
                        APIs
                        • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00543D40
                        • _wcslen.LIBCMT ref: 00543D6D
                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 00543D9D
                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00543DBE
                        • RemoveDirectoryW.KERNEL32(?), ref: 00543DCE
                        • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00543E55
                        • CloseHandle.KERNEL32(00000000), ref: 00543E60
                        • CloseHandle.KERNEL32(00000000), ref: 00543E6B
                        Strings
                        Similarity
                        • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                        • String ID: :$\$\??\%s
                        • API String ID: 1149970189-3457252023
                        APIs
                        • timeGetTime.WINMM ref: 0053E6B4
                          • Part of subcall function 004EE551: timeGetTime.WINMM(?,?,0053E6D4), ref: 004EE555
                        • Sleep.KERNEL32(0000000A), ref: 0053E6E1
                        • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0053E705
                        • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0053E727
                        • SetActiveWindow.USER32 ref: 0053E746
                        • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0053E754
                        • SendMessageW.USER32(00000010,00000000,00000000), ref: 0053E773
                        • Sleep.KERNEL32(000000FA), ref: 0053E77E
                        • IsWindow.USER32 ref: 0053E78A
                        • EndDialog.USER32(00000000), ref: 0053E79B
                        Strings
                        Similarity
                        • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                        • String ID: BUTTON
                        • API String ID: 1194449130-3405671355
                        APIs
                          • Part of subcall function 004D9CB3: _wcslen.LIBCMT ref: 004D9CBD
                        • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0053EA5D
                        • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0053EA73
                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0053EA84
                        • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0053EA96
                        • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0053EAA7
                        Strings
                        Similarity
                        • API ID: SendString$_wcslen
                        • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                        • API String ID: 2420728520-1007645807
                        APIs
                        • GetKeyboardState.USER32(?), ref: 0053A012
                        • SetKeyboardState.USER32(?), ref: 0053A07D
                        • GetAsyncKeyState.USER32(000000A0), ref: 0053A09D
                        • GetKeyState.USER32(000000A0), ref: 0053A0B4
                        • GetAsyncKeyState.USER32(000000A1), ref: 0053A0E3
                        • GetKeyState.USER32(000000A1), ref: 0053A0F4
                        • GetAsyncKeyState.USER32(00000011), ref: 0053A120
                        • GetKeyState.USER32(00000011), ref: 0053A12E
                        • GetAsyncKeyState.USER32(00000012), ref: 0053A157
                        • GetKeyState.USER32(00000012), ref: 0053A165
                        • GetAsyncKeyState.USER32(0000005B), ref: 0053A18E
                        • GetKeyState.USER32(0000005B), ref: 0053A19C
                        Similarity
                        • API ID: State$Async$Keyboard
                        • String ID:
                        • API String ID: 541375521-0
                        APIs
                        • GetDlgItem.USER32(?,00000001), ref: 00535CE2
                        • GetWindowRect.USER32(00000000,?), ref: 00535CFB
                        • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00535D59
                        • GetDlgItem.USER32(?,00000002), ref: 00535D69
                        • GetWindowRect.USER32(00000000,?), ref: 00535D7B
                        • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00535DCF
                        • GetDlgItem.USER32(?,000003E9), ref: 00535DDD
                        • GetWindowRect.USER32(00000000,?), ref: 00535DEF
                        • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00535E31
                        • GetDlgItem.USER32(?,000003EA), ref: 00535E44
                        • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00535E5A
                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00535E67
                        Similarity
                        • API ID: Window$ItemMoveRect$Invalidate
                        • String ID:
                        • API String ID: 3096461208-0
                        APIs
                          • Part of subcall function 004E8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,004E8BE8,?,00000000,?,?,?,?,004E8BBA,00000000,?), ref: 004E8FC5
                        • DestroyWindow.USER32(?), ref: 004E8C81
                        • KillTimer.USER32(00000000,?,?,?,?,004E8BBA,00000000,?), ref: 004E8D1B
                        • DestroyAcceleratorTable.USER32(00000000), ref: 00526973
                        • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,004E8BBA,00000000,?), ref: 005269A1
                        • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,004E8BBA,00000000,?), ref: 005269B8
                        • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,004E8BBA,00000000), ref: 005269D4
                        • DeleteObject.GDI32(00000000), ref: 005269E6
                        Similarity
                        • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                        • String ID:
                        • API String ID: 641708696-0
                        APIs
                          • Part of subcall function 004E9944: GetWindowLongW.USER32(?,000000EB), ref: 004E9952
                        • GetSysColor.USER32(0000000F), ref: 004E9862
                        Similarity
                        • API ID: ColorLongWindow
                        • String ID:
                        • API String ID: 259745315-0
                        Strings
                        Similarity
                        • API ID:
                        • String ID: .O
                        • API String ID: 0-1338311375
                        APIs
                        • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,0051F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00539717
                        • LoadStringW.USER32(00000000,?,0051F7F8,00000001), ref: 00539720
                          • Part of subcall function 004D9CB3: _wcslen.LIBCMT ref: 004D9CBD
                        • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,0051F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00539742
                        • LoadStringW.USER32(00000000,?,0051F7F8,00000001), ref: 00539745
                        • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00539866
                        Strings
                        Similarity
                        • API ID: HandleLoadModuleString$Message_wcslen
                        • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                        • API String ID: 747408836-2268648507
                        APIs
                          • Part of subcall function 004D6B57: _wcslen.LIBCMT ref: 004D6B6A
                        • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 005307A2
                        • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 005307BE
                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 005307DA
                        • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00530804
                        • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0053082C
                        • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00530837
                        • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0053083C
                        Strings
                        Similarity
                        • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                        • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                        • API String ID: 323675364-22481851
                        APIs
                        • VariantInit.OLEAUT32(?), ref: 00553C5C
                        • CoInitialize.OLE32(00000000), ref: 00553C8A
                        • CoUninitialize.OLE32 ref: 00553C94
                        • _wcslen.LIBCMT ref: 00553D2D
                        • GetRunningObjectTable.OLE32(00000000,?), ref: 00553DB1
                        • SetErrorMode.KERNEL32(00000001,00000029), ref: 00553ED5
                        • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00553F0E
                        • CoGetObject.OLE32(?,00000000,0056FB98,?), ref: 00553F2D
                        • SetErrorMode.KERNEL32(00000000), ref: 00553F40
                        • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00553FC4
                        • VariantClear.OLEAUT32(?), ref: 00553FD8
                        Similarity
                        • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                        • String ID:
                        • API String ID: 429561992-0
                        APIs
                        • CoInitialize.OLE32(00000000), ref: 00547AF3
                        • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00547B8F
                        • SHGetDesktopFolder.SHELL32(?), ref: 00547BA3
                        • CoCreateInstance.OLE32(0056FD08,00000000,00000001,00596E6C,?), ref: 00547BEF
                        • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00547C74
                        • CoTaskMemFree.OLE32(?,?), ref: 00547CCC
                        • SHBrowseForFolderW.SHELL32(?), ref: 00547D57
                        • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00547D7A
                        • CoTaskMemFree.OLE32(00000000), ref: 00547D81
                        • CoTaskMemFree.OLE32(00000000), ref: 00547DD6
                        • CoUninitialize.OLE32 ref: 00547DDC
                        Similarity
                        • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                        • String ID:
                        • API String ID: 2762341140-0
                        APIs
                        • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00565504
                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00565515
                        • CharNextW.USER32(00000158), ref: 00565544
                        • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00565585
                        • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0056559B
                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 005655AC
                        Similarity
                        • API ID: MessageSend$CharNext
                        • String ID:
                        • API String ID: 1350042424-0
                        APIs
                        • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0052FAAF
                        • SafeArrayAllocData.OLEAUT32(?), ref: 0052FB08
                        • VariantInit.OLEAUT32(?), ref: 0052FB1A
                        • SafeArrayAccessData.OLEAUT32(?,?), ref: 0052FB3A
                        • VariantCopy.OLEAUT32(?,?), ref: 0052FB8D
                        • SafeArrayUnaccessData.OLEAUT32(?), ref: 0052FBA1
                        • VariantClear.OLEAUT32(?), ref: 0052FBB6
                        • SafeArrayDestroyData.OLEAUT32(?), ref: 0052FBC3
                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0052FBCC
                        • VariantClear.OLEAUT32(?), ref: 0052FBDE
                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0052FBE9
                        Similarity
                        • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                        • String ID:
                        • API String ID: 2706829360-0
                        APIs
                        • GetKeyboardState.USER32(?), ref: 00539CA1
                        • GetAsyncKeyState.USER32(000000A0), ref: 00539D22
                        • GetKeyState.USER32(000000A0), ref: 00539D3D
                        • GetAsyncKeyState.USER32(000000A1), ref: 00539D57
                        • GetKeyState.USER32(000000A1), ref: 00539D6C
                        • GetAsyncKeyState.USER32(00000011), ref: 00539D84
                        • GetKeyState.USER32(00000011), ref: 00539D96
                        • GetAsyncKeyState.USER32(00000012), ref: 00539DAE
                        • GetKeyState.USER32(00000012), ref: 00539DC0
                        • GetAsyncKeyState.USER32(0000005B), ref: 00539DD8
                        • GetKeyState.USER32(0000005B), ref: 00539DEA
                        Similarity
                        • API ID: State$Async$Keyboard
                        • String ID:
                        • API String ID: 541375521-0
                        • Opcode ID: 7f2f253caff1ce24070aba4a39b854f3a0e0dd89bb5e756ef7a0782a3f537f90
                        • Instruction ID: d5e50a5ffab9891277ef0bed00813b156c5259843eea290c9f1bb74aa52ba70a
                        • Opcode Fuzzy Hash: 7f2f253caff1ce24070aba4a39b854f3a0e0dd89bb5e756ef7a0782a3f537f90
                        • Instruction Fuzzy Hash: 0E41C6B45047CA6AFF319664C8053B6BFA07F21344F08845ADAC7576C2DBE59DC8CBA2
                        APIs
                        • WSAStartup.WSOCK32(00000101,?), ref: 005505BC
                        • inet_addr.WSOCK32(?), ref: 0055061C
                        • gethostbyname.WSOCK32(?), ref: 00550628
                        • IcmpCreateFile.IPHLPAPI ref: 00550636
                        • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 005506C6
                        • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 005506E5
                        • IcmpCloseHandle.IPHLPAPI(?), ref: 005507B9
                        • WSACleanup.WSOCK32 ref: 005507BF
                        Strings
                        Similarity
                        • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                        • String ID: Ping
                        • API String ID: 1028309954-2246546115
                        • Opcode ID: 6f9dffefb2c6f346a3ada6d3e68e8376af19f51bf5706ca2665911478bbeb9a0
                        • Instruction ID: bd40ef873c0f964545d8bdd909556540f2d719955e2e5f8d48d5ad380b0fae0c
                        • Opcode Fuzzy Hash: 6f9dffefb2c6f346a3ada6d3e68e8376af19f51bf5706ca2665911478bbeb9a0
                        • Instruction Fuzzy Hash: 9B918C756042019FD320DF19C498B1ABFE0FF48319F1495AAE86A8B7A2D774ED49CF81
                        APIs
                        Strings
                        Similarity
                        • API ID: _wcslen$BuffCharLower
                        • String ID: cdecl$none$stdcall$winapi
                        • API String ID: 707087890-567219261
                        • Opcode ID: ff303e2ccf04fdae2593076808aa025003abbb40787e2f318c55cddaf7eb03fa
                        • Instruction ID: 2145ba9bc38f0bef8aaab85d1b75f36299521965ba8bb180e0f3274f55e23555
                        • Opcode Fuzzy Hash: ff303e2ccf04fdae2593076808aa025003abbb40787e2f318c55cddaf7eb03fa
                        • Instruction Fuzzy Hash: 28519E71A001169BCF14DF68C8618BEBBF5BF64725B20422BE866F7284DB35DD48C790
                        APIs
                        • CoInitialize.OLE32 ref: 00553774
                        • CoUninitialize.OLE32 ref: 0055377F
                        • CoCreateInstance.OLE32(?,00000000,00000017,0056FB78,?), ref: 005537D9
                        • IIDFromString.OLE32(?,?), ref: 0055384C
                        • VariantInit.OLEAUT32(?), ref: 005538E4
                        • VariantClear.OLEAUT32(?), ref: 00553936
                        Strings
                        Similarity
                        • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                        • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                        • API String ID: 636576611-1287834457
                        • Opcode ID: 0797a2f4ea64ab58351d3f01ee66f95be2afb0a76cf8c5327b261ffded68ab20
                        • Instruction ID: f5bd96135a19e0267eca0adf64f4a014896abf6a4948670a82192035e891a401
                        • Opcode Fuzzy Hash: 0797a2f4ea64ab58351d3f01ee66f95be2afb0a76cf8c5327b261ffded68ab20
                        • Instruction Fuzzy Hash: 7B618C70608301AFD714DF55C869B6ABFE4FF48756F10080AF9899B291D770EE48CB96
                        APIs
                        • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 005433CF
                          • Part of subcall function 004D9CB3: _wcslen.LIBCMT ref: 004D9CBD
                        • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 005433F0
                        Strings
                        Similarity
                        • API ID: LoadString$_wcslen
                        • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                        • API String ID: 4099089115-3080491070
                        • Opcode ID: d69d1d03fb6f13dec4599b182f401c1492a95a2f7e61ac13099dabef8678388d
                        • Instruction ID: 6dcb47558e96b6b9c900bf304c5fd886b8a0340b3f09ea345de084661b4f3e50
                        • Opcode Fuzzy Hash: d69d1d03fb6f13dec4599b182f401c1492a95a2f7e61ac13099dabef8678388d
                        • Instruction Fuzzy Hash: 7151E172900209AADF14EBE1CD56EEEBB78BF14748F10406BF405721A1EB392F58DB64
                        APIs
                        Strings
                        Similarity
                        • API ID: _wcslen$BuffCharUpper
                        • String ID: APPEND$EXISTS$KEYS$REMOVE
                        • API String ID: 1256254125-769500911
                        • Opcode ID: 3a4f7c07e06c4a6d2cd6ade2c5c1c239d08c06e3cd8fd7ba8abfaca775527a45
                        • Instruction ID: 251fa6b81f0698edcaf4474cf771cbd431707e1de12b6e0c4d9caf0cf18dc279
                        • Opcode Fuzzy Hash: 3a4f7c07e06c4a6d2cd6ade2c5c1c239d08c06e3cd8fd7ba8abfaca775527a45
                        • Instruction Fuzzy Hash: 7341D932B001269BDB105F7DC8915BE7FA5FFA0798F24422AE625D7285E735CD81C790
                        APIs
                        • SetErrorMode.KERNEL32(00000001), ref: 005453A0
                        • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00545416
                        • GetLastError.KERNEL32 ref: 00545420
                        • SetErrorMode.KERNEL32(00000000,READY), ref: 005454A7
                        Strings
                        Similarity
                        • API ID: Error$Mode$DiskFreeLastSpace
                        • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                        • API String ID: 4194297153-14809454
                        • Opcode ID: 975167ab53ae7ecbd8e7240d75b4aa7bc5443c4dd708c26aac22b2e80503160b
                        • Instruction ID: 89f49c93fe1d90c5bf644467cb2a1a81fe15a204756ceb2be27ca029bb62e9b8
                        • Opcode Fuzzy Hash: 975167ab53ae7ecbd8e7240d75b4aa7bc5443c4dd708c26aac22b2e80503160b
                        • Instruction Fuzzy Hash: BE319F35A006049FCB10DF68C498AEA7FB4FB55349F54806AE405CF392EB75DD8ACB90
                        APIs
                        • CreateMenu.USER32 ref: 00563C79
                        • SetMenu.USER32(?,00000000), ref: 00563C88
                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00563D10
                        • IsMenu.USER32(?), ref: 00563D24
                        • CreatePopupMenu.USER32 ref: 00563D2E
                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00563D5B
                        • DrawMenuBar.USER32 ref: 00563D63
                        Strings
                        Similarity
                        • API ID: Menu$CreateItem$DrawInfoInsertPopup
                        • String ID: 0$F
                        • API String ID: 161812096-3044882817
                        • Opcode ID: 49d2d998cd894de098a9b416357e611943bbf7771927a06a2aa576166de98acf
                        • Instruction ID: 102c443b26530fbea110759339ed766a414305ca4dbb2203fb366b1dea536d95
                        • Opcode Fuzzy Hash: 49d2d998cd894de098a9b416357e611943bbf7771927a06a2aa576166de98acf
                        • Instruction Fuzzy Hash: 47415879A01209EFDB24CFA4DC84AAA7FB5FF59350F140029FA46A7360D770AA14DF94
                        APIs
                          • Part of subcall function 004D9CB3: _wcslen.LIBCMT ref: 004D9CBD
                          • Part of subcall function 00533CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00533CCA
                        • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00531F64
                        • GetDlgCtrlID.USER32 ref: 00531F6F
                        • GetParent.USER32 ref: 00531F8B
                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 00531F8E
                        • GetDlgCtrlID.USER32(?), ref: 00531F97
                        • GetParent.USER32(?), ref: 00531FAB
                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 00531FAE
                        Strings
                        Similarity
                        • API ID: MessageSend$CtrlParent$ClassName_wcslen
                        • String ID: ComboBox$ListBox
                        • API String ID: 711023334-1403004172
                        • Opcode ID: 0fae2356c290147eb57ff48d911f596ee36b276c6adea4dd38f7d9063221a93b
                        • Instruction ID: a6143310553ac2fe725119fa216bc67364ad56a45c8e8bb5488230498cc37ab0
                        • Opcode Fuzzy Hash: 0fae2356c290147eb57ff48d911f596ee36b276c6adea4dd38f7d9063221a93b
                        • Instruction Fuzzy Hash: 5A21D070A00214BBCF00AFA4CC849FEBFB8BF15340F00410AF961AB291DB784918DB78
                        APIs
                          • Part of subcall function 004D9CB3: _wcslen.LIBCMT ref: 004D9CBD
                          • Part of subcall function 00533CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00533CCA
                        • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00532043
                        • GetDlgCtrlID.USER32 ref: 0053204E
                        • GetParent.USER32 ref: 0053206A
                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 0053206D
                        • GetDlgCtrlID.USER32(?), ref: 00532076
                        • GetParent.USER32(?), ref: 0053208A
                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 0053208D
                        Strings
                        Similarity
                        • API ID: MessageSend$CtrlParent$ClassName_wcslen
                        • String ID: ComboBox$ListBox
                        • API String ID: 711023334-1403004172
                        • Opcode ID: 5fe374e471fe59d6d8b76a722e68a7f845db88b4949be9c1132c7d12f12faac4
                        • Instruction ID: ecb1c2c37213010b9084a023f617ed97baa10e34f57f56ad9d55c7167f992a59
                        • Opcode Fuzzy Hash: 5fe374e471fe59d6d8b76a722e68a7f845db88b4949be9c1132c7d12f12faac4
                        • Instruction Fuzzy Hash: F121C271A00218BBCF15AFA4CC49EFEBFB8BF15344F004406F991AB2A1DB794918DB64
                        APIs
                        • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00563A9D
                        • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00563AA0
                        • GetWindowLongW.USER32(?,000000F0), ref: 00563AC7
                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00563AEA
                        • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00563B62
                        • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00563BAC
                        • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00563BC7
                        • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00563BE2
                        • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00563BF6
                        • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00563C13
                        Similarity
                        • API ID: MessageSend$LongWindow
                        • String ID:
                        • API String ID: 312131281-0
                        • Opcode ID: 4848883d65d9666541c1462ef665243530cb155708af1efa116e11d22a57468f
                        • Instruction ID: a60e15f4707544ab7346089104b59ab93a33bc37991c810cb88b9b3675cf4e82
                        • Opcode Fuzzy Hash: 4848883d65d9666541c1462ef665243530cb155708af1efa116e11d22a57468f
                        • Instruction Fuzzy Hash: 56617A75900208AFDB10DFA8CC81EEE7BB8FF49704F10419AFA15AB2A1D774AE45DB54
                        APIs
                        • GetCurrentThreadId.KERNEL32 ref: 0053B151
                        • GetForegroundWindow.USER32(00000000,?,?,?,?,?,0053A1E1,?,00000001), ref: 0053B165
                        • GetWindowThreadProcessId.USER32(00000000), ref: 0053B16C
                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0053A1E1,?,00000001), ref: 0053B17B
                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 0053B18D
                        • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,0053A1E1,?,00000001), ref: 0053B1A6
                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0053A1E1,?,00000001), ref: 0053B1B8
                        • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,0053A1E1,?,00000001), ref: 0053B1FD
                        • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,0053A1E1,?,00000001), ref: 0053B212
                        • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0053A1E1,?,00000001), ref: 0053B21D
                        Similarity
                        • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                        • String ID:
                        • API String ID: 2156557900-0
                        • Opcode ID: 089578e540ac5730a780d0f7d0b904f2bc3213a23e35dc144b85c13ec97e7a08
                        • Instruction ID: fa75036c8919d7ccdd7c73fe06f15ada0f9fdc0194687c464e32fa68f2bf40b6
                        • Opcode Fuzzy Hash: 089578e540ac5730a780d0f7d0b904f2bc3213a23e35dc144b85c13ec97e7a08
                        • Instruction Fuzzy Hash: 47319C79500204BFEB109F28DC49B7EBFA9BB62315F104149FA02D7190E7B49A48DF64
                        APIs
                        • _free.LIBCMT ref: 00502C94
                          • Part of subcall function 005029C8: HeapFree.KERNEL32(00000000,00000000,?,0050D7D1,00000000,00000000,00000000,00000000,?,0050D7F8,00000000,00000007,00000000,?,0050DBF5,00000000), ref: 005029DE
                          • Part of subcall function 005029C8: GetLastError.KERNEL32(00000000,?,0050D7D1,00000000,00000000,00000000,00000000,?,0050D7F8,00000000,00000007,00000000,?,0050DBF5,00000000,00000000), ref: 005029F0
                        • _free.LIBCMT ref: 00502CA0
                        • _free.LIBCMT ref: 00502CAB
                        • _free.LIBCMT ref: 00502CB6
                        • _free.LIBCMT ref: 00502CC1
                        • _free.LIBCMT ref: 00502CCC
                        • _free.LIBCMT ref: 00502CD7
                        • _free.LIBCMT ref: 00502CE2
                        • _free.LIBCMT ref: 00502CED
                        • _free.LIBCMT ref: 00502CFB
                        Similarity
                        • API ID: _free$ErrorFreeHeapLast
                        • String ID:
                        • API String ID: 776569668-0
                        • Opcode ID: 9f4fab0330e5f08d616216d4c0ec45e7601167afe5a899cf689401c2f7853dd4
                        • Instruction ID: 5c7b86eab6909423c16c6d44963d345d741e92ff6d5859826e08fac31e9abc92
                        • Opcode Fuzzy Hash: 9f4fab0330e5f08d616216d4c0ec45e7601167afe5a899cf689401c2f7853dd4
                        • Instruction Fuzzy Hash: 33119676100109AFCB02EF54D84ACDD3FA9FF45350F5148A5F9485B262D631EE909B90
                        APIs
                        • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00547FAD
                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00547FC1
                        • GetFileAttributesW.KERNEL32(?), ref: 00547FEB
                        • SetFileAttributesW.KERNEL32(?,00000000), ref: 00548005
                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00548017
                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00548060
                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 005480B0
                        Strings
                        Similarity
                        • API ID: CurrentDirectory$AttributesFile
                        • String ID: *.*
                        • API String ID: 769691225-438819550
                        • Opcode ID: 985d45ffad219a4c2c02e326efce80ac881729f0991cc1382c6ddb0b0c3480eb
                        • Instruction ID: a01e24be3daf29230fd33975402feda73bf85830c6e96bbe281b831469bd404c
                        • Opcode Fuzzy Hash: 985d45ffad219a4c2c02e326efce80ac881729f0991cc1382c6ddb0b0c3480eb
                        • Instruction Fuzzy Hash: AF81AE725082099BCB20EF25C8549FEBBE8BB88318F144D5EF889C7250EB35DD498B52
                        APIs
                        • SetWindowLongW.USER32(?,000000EB), ref: 004D5C7A
                          • Part of subcall function 004D5D0A: GetClientRect.USER32(?,?), ref: 004D5D30
                          • Part of subcall function 004D5D0A: GetWindowRect.USER32(?,?), ref: 004D5D71
                          • Part of subcall function 004D5D0A: ScreenToClient.USER32(?,?), ref: 004D5D99
                        • GetDC.USER32 ref: 005146F5
                        • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00514708
                        • SelectObject.GDI32(00000000,00000000), ref: 00514716
                        • SelectObject.GDI32(00000000,00000000), ref: 0051472B
                        • ReleaseDC.USER32(?,00000000), ref: 00514733
                        • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 005147C4
                        Strings
                        Similarity
                        • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                        • String ID: U
                        • API String ID: 4009187628-3372436214
                        • Opcode ID: 6e35ade2a23627d072f5a490d1407a8b1560c16a15a3c3f2649d44bfd897c414
                        • Instruction ID: 0b0450670513004116361b74b9fbffc03c3561d75d32269b01b5671677c007c1
                        • Opcode Fuzzy Hash: 6e35ade2a23627d072f5a490d1407a8b1560c16a15a3c3f2649d44bfd897c414
                        • Instruction Fuzzy Hash: 87710030500205DFEF218F68C984AFA3FB1FF4A365F14526AED555A2A6C7349C82DF60
                        APIs
                        • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 005435E4
                          • Part of subcall function 004D9CB3: _wcslen.LIBCMT ref: 004D9CBD
                        • LoadStringW.USER32(005A2390,?,00000FFF,?), ref: 0054360A
                        Strings
                        Similarity
                        • API ID: LoadString$_wcslen
                        • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                        • API String ID: 4099089115-2391861430
                        • Opcode ID: d2898fccc873c0a78916ec98382357c9546bb4e457b569740f05b5a0053c395c
                        • Instruction ID: 3af99d2fa11408551e4cb8cc1c19f0a9f8085cc5e678cf290a0dcecb66260416
                        • Opcode Fuzzy Hash: d2898fccc873c0a78916ec98382357c9546bb4e457b569740f05b5a0053c395c
                        • Instruction Fuzzy Hash: 1C518E7180020AAADF14EFA1DC56EEEBF38FF14748F04412AF505721A1EB741B98DB65
                        APIs
                        • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0054C272
                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0054C29A
                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0054C2CA
                        • GetLastError.KERNEL32 ref: 0054C322
                        • SetEvent.KERNEL32(?), ref: 0054C336
                        • InternetCloseHandle.WININET(00000000), ref: 0054C341
                        Strings
                        Similarity
                        • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                        • String ID:
                        • API String ID: 3113390036-3916222277
                        • Opcode ID: 69505e12d7f24f737fe79461e1df08ae764c3a7270be0a2e16233ef6e61ada14
                        • Instruction ID: 5c3b97b0e975fb5c903d99259f0c2512a768a7f67ce7df5fd1a1d72b358c069c
                        • Opcode Fuzzy Hash: 69505e12d7f24f737fe79461e1df08ae764c3a7270be0a2e16233ef6e61ada14
                        • Instruction Fuzzy Hash: 3C317171601204AFD7619F698C88ABB7FFCFB99748B14891EF48693210DB74DD089B60
                        APIs
                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00513AAF,?,?,Bad directive syntax error,0056CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 005398BC
                        • LoadStringW.USER32(00000000,?,00513AAF,?), ref: 005398C3
                          • Part of subcall function 004D9CB3: _wcslen.LIBCMT ref: 004D9CBD
                        • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00539987
                        Strings
                        Similarity
                        • API ID: HandleLoadMessageModuleString_wcslen
                        • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                        • API String ID: 858772685-4153970271
                        • Opcode ID: 777c0aabd57a0a7c046d6dd6ae4bc249aa7577c77ce845ed6f5e31993270b871
                        • Instruction ID: 1bfa9a52c5769a69b1189488351312d1f95d2cba4013a21e4354e3f16dd45a0e
                        • Opcode Fuzzy Hash: 777c0aabd57a0a7c046d6dd6ae4bc249aa7577c77ce845ed6f5e31993270b871
                        • Instruction Fuzzy Hash: DB21B13290020EABDF11AF90CC56EEE7B35FF18705F04441BF515621A2EB759A28DB11
                        APIs
                        • GetParent.USER32 ref: 005320AB
                        • GetClassNameW.USER32(00000000,?,00000100), ref: 005320C0
                        • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0053214D
                        Strings
                        Similarity
                        • API ID: ClassMessageNameParentSend
                        • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                        • API String ID: 1290815626-3381328864
                        • Opcode ID: 1f9e848488d2ade91b95069afaa29bae4b1ca10264cd16285354453ee92e9d63
                        • Instruction ID: ab5266a95de4c7f6a687178da99ed64a24faff7b818784c720636ffde8182d36
                        • Opcode Fuzzy Hash: 1f9e848488d2ade91b95069afaa29bae4b1ca10264cd16285354453ee92e9d63
                        • Instruction Fuzzy Hash: F9112977688B0BB9FA026225DC07DB73F9CFB14328F20015BFB05A50E1FEB569169618
                        APIs
                        Similarity
                        • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                        • String ID:
                        • API String ID: 1282221369-0
                        • Opcode ID: edbc5fd64a4f06926c0e367e147b64180f9ad6146b64c9f0b692918b846fd9fc
                        • Instruction ID: 811d15f85e859ecd9771ea1d1e1f22fdf367d3ab10bb38f164413c0e3fe072a1
                        • Opcode Fuzzy Hash: edbc5fd64a4f06926c0e367e147b64180f9ad6146b64c9f0b692918b846fd9fc
                        • Instruction Fuzzy Hash: A8618872904302AFDB21AFB49889A6E7FA5FF03320F14426DF905A72C2E6319D04DB61
                        APIs
                        • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00565186
                        • ShowWindow.USER32(?,00000000), ref: 005651C7
                        • ShowWindow.USER32(?,00000005,?,00000000), ref: 005651CD
                        • SetFocus.USER32(?,?,00000005,?,00000000), ref: 005651D1
                          • Part of subcall function 00566FBA: DeleteObject.GDI32(00000000), ref: 00566FE6
                        • GetWindowLongW.USER32(?,000000F0), ref: 0056520D
                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0056521A
                        • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0056524D
                        • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00565287
                        • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00565296
                        Similarity
                        • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                        • String ID:
                        • API String ID: 3210457359-0
                        • Opcode ID: 6584bf2b8fb876bfe4ac094b7cee4878b8a94202d2a4f4934b418eb9a876e443
                        • Instruction ID: f81319066fed9e309694fa42468cd41fd8f17365bcc6061599cb63d2f7c9e2b2
                        • Opcode Fuzzy Hash: 6584bf2b8fb876bfe4ac094b7cee4878b8a94202d2a4f4934b418eb9a876e443
                        • Instruction Fuzzy Hash: 7451C034AC0A09BFEF209F29CC59BD83F65FB06325F144002F6559B2E0E7B5A994DB50
                        APIs
                        • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00526890
                        • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 005268A9
                        • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 005268B9
                        • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 005268D1
                        • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 005268F2
                        • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,004E8874,00000000,00000000,00000000,000000FF,00000000), ref: 00526901
                        • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0052691E
                        • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,004E8874,00000000,00000000,00000000,000000FF,00000000), ref: 0052692D
                        Similarity
                        • API ID: Icon$DestroyExtractImageLoadMessageSend
                        • String ID:
                        • API String ID: 1268354404-0
                        • Opcode ID: ca89c3796913db85914c768eb40fdad3064b64140b364b70850d9e30b16f069c
                        • Instruction ID: 4520efef9faa77cb16b33085a0065cc8f7c6b20e64b163e9a43ae4419a39928d
                        • Opcode Fuzzy Hash: ca89c3796913db85914c768eb40fdad3064b64140b364b70850d9e30b16f069c
                        • Instruction Fuzzy Hash: 1951A670600209AFDB20CF2ACC95BAA7BB5FF58351F10451DF946972E0DBB4E980EB44
                        APIs
                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0054C182
                        • GetLastError.KERNEL32 ref: 0054C195
                        • SetEvent.KERNEL32(?), ref: 0054C1A9
                          • Part of subcall function 0054C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0054C272
                          • Part of subcall function 0054C253: GetLastError.KERNEL32 ref: 0054C322
                          • Part of subcall function 0054C253: SetEvent.KERNEL32(?), ref: 0054C336
                          • Part of subcall function 0054C253: InternetCloseHandle.WININET(00000000), ref: 0054C341
                        Similarity
                        • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                        • String ID:
                        • API String ID: 337547030-0
                        • Opcode ID: 167cf4e2bd17e7e5340c7648bb621e42d647d890b9f28b07188a9d2c2630d10a
                        • Instruction ID: fec822fbb3a1295b66db213cec7ba735c4cba27fe22f45923696646e12494dde
                        • Opcode Fuzzy Hash: 167cf4e2bd17e7e5340c7648bb621e42d647d890b9f28b07188a9d2c2630d10a
                        • Instruction Fuzzy Hash: CA31A175206641AFDB619FB9DC04AB6BFF8FFA8304B00441DF99683610D7B1E814EB60
                        APIs
                          • Part of subcall function 00533A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00533A57
                          • Part of subcall function 00533A3D: GetCurrentThreadId.KERNEL32 ref: 00533A5E
                          • Part of subcall function 00533A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,005325B3), ref: 00533A65
                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 005325BD
                        • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 005325DB
                        • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 005325DF
                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 005325E9
                        • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00532601
                        • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00532605
                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 0053260F
                        • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00532623
                        • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00532627
                        Similarity
                        • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                        • String ID:
                        • API String ID: 2014098862-0
                        • Opcode ID: 38a27c72506d43ed3393c362bd189f19112ef28dac6a0bd2cda1ef1984660d8a
                        • Instruction ID: 63906574e1139e5976f599248731de0538043864b6ad7df7742f8a3296cc48bd
                        • Opcode Fuzzy Hash: 38a27c72506d43ed3393c362bd189f19112ef28dac6a0bd2cda1ef1984660d8a
                        • Instruction Fuzzy Hash: 9C01B130290610BBFB10676DDC8EF693F59EB9AB12F100001F358AF0E1C9F22448DA69
                        APIs
                        • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00531449,?,?,00000000), ref: 0053180C
                        • HeapAlloc.KERNEL32(00000000,?,00531449,?,?,00000000), ref: 00531813
                        • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00531449,?,?,00000000), ref: 00531828
                        • GetCurrentProcess.KERNEL32(?,00000000,?,00531449,?,?,00000000), ref: 00531830
                        • DuplicateHandle.KERNEL32(00000000,?,00531449,?,?,00000000), ref: 00531833
                        • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00531449,?,?,00000000), ref: 00531843
                        • GetCurrentProcess.KERNEL32(00531449,00000000,?,00531449,?,?,00000000), ref: 0053184B
                        • DuplicateHandle.KERNEL32(00000000,?,00531449,?,?,00000000), ref: 0053184E
                        • CreateThread.KERNEL32(00000000,00000000,00531874,00000000,00000000,00000000), ref: 00531868
                        Similarity
                        • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                        • String ID:
                        • API String ID: 1957940570-0
                        • Opcode ID: d07aa0d57ae9411188d6d962e330e08570275e8fc7580bc691dede66fb4dc77d
                        • Instruction ID: e319fa62873d0d2cf4cc9650dc39b8aa99d383d18073b22145888eca6e2a0152
                        • Opcode Fuzzy Hash: d07aa0d57ae9411188d6d962e330e08570275e8fc7580bc691dede66fb4dc77d
                        • Instruction Fuzzy Hash: 6501AC75240344BFE610AB69DC49F677F6CEB9AB11F004411FA45DB191C6B19844DB24
                        APIs
                        Strings
                        Similarity
                        • API ID: __alldvrm$_strrchr
                        • String ID: }}O$}}O$}}O
                        • API String ID: 1036877536-3468359926
                        • Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                        • Instruction ID: 3d02e96dbadbddb240a507478e0196a78939b90d968891f3feec5dc0458b025c
                        • Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                        • Instruction Fuzzy Hash: E7A149B1E007869FEB25CF18C8957AEBFE5FF61350F1845ADE6859B2C1C2389981CB50
                        APIs
                          • Part of subcall function 0053D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0053D501
                          • Part of subcall function 0053D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0053D50F
                          • Part of subcall function 0053D4DC: FindCloseChangeNotification.KERNEL32(00000000), ref: 0053D5DC
                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0055A16D
                        • GetLastError.KERNEL32 ref: 0055A180
                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0055A1B3
                        • TerminateProcess.KERNEL32(00000000,00000000), ref: 0055A268
                        • GetLastError.KERNEL32(00000000), ref: 0055A273
                        • CloseHandle.KERNEL32(00000000), ref: 0055A2C4
                        Strings
                        Similarity
                        • API ID: Process$CloseErrorLastOpen$ChangeCreateFindFirstHandleNotificationProcess32SnapshotTerminateToolhelp32
                        • String ID: SeDebugPrivilege
                        • API String ID: 1701285019-2896544425
                        • Opcode ID: 2e9f7d93b09228455b78cfe618429c135529da2eace8d69db0c9f1a454a04405
                        • Instruction ID: 3a06e2c8144f51e3080ee8cd53f34d41c07cc6685e3a7851650eecccc9215acf
                        • Opcode Fuzzy Hash: 2e9f7d93b09228455b78cfe618429c135529da2eace8d69db0c9f1a454a04405
                        • Instruction Fuzzy Hash: 06618B34208242AFD710DF19C4A5F25BFA1BF54318F14858EE8668B7A3C776EC49CB92
                        APIs
                        • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00563925
                        • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0056393A
                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00563954
                        • _wcslen.LIBCMT ref: 00563999
                        • SendMessageW.USER32(?,00001057,00000000,?), ref: 005639C6
                        • SendMessageW.USER32(?,00001061,?,0000000F), ref: 005639F4
                        Strings
                        Similarity
                        • API ID: MessageSend$Window_wcslen
                        • String ID: SysListView32
                        • API String ID: 2147712094-78025650
                        • Opcode ID: 78e171d4156f2858892eecf3012e2fbc312180f105b8c58957b4db75b4c83284
                        • Instruction ID: 7361d94ffa030774ee9424975795a4c32c5abea3e33c52571a815512964f6cae
                        • Opcode Fuzzy Hash: 78e171d4156f2858892eecf3012e2fbc312180f105b8c58957b4db75b4c83284
                        • Instruction Fuzzy Hash: D841D571A00219ABEF219F64CC49FEA7FA9FF08354F10052AF958E7281D7B59D84CB94
                        APIs
                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0053BCFD
                        • IsMenu.USER32(00000000), ref: 0053BD1D
                        • CreatePopupMenu.USER32 ref: 0053BD53
                        • GetMenuItemCount.USER32(00D558D8), ref: 0053BDA4
                        • InsertMenuItemW.USER32(00D558D8,?,00000001,00000030), ref: 0053BDCC
                        Strings
                        Similarity
                        • API ID: Menu$Item$CountCreateInfoInsertPopup
                        • String ID: 0$2
                        • API String ID: 93392585-3793063076
                        • Opcode ID: 053f79cb4aaffd380f8476fb5fb2d11f16b81d7d39dc6abd8b380450a4775d3d
                        • Instruction ID: 5c43c6e583eabe47fad75204e2dc889b6930c172dfd439e0ba1ddcf12aa5ed8d
                        • Opcode Fuzzy Hash: 053f79cb4aaffd380f8476fb5fb2d11f16b81d7d39dc6abd8b380450a4775d3d
                        • Instruction Fuzzy Hash: F151C070A002099BEF21DFA8D8C8BAEBFF4FF95314F144919E642EB291D7709945CB61
                        APIs
                        • _ValidateLocalCookies.LIBCMT ref: 004F2D4B
                        • ___except_validate_context_record.LIBVCRUNTIME ref: 004F2D53
                        • _ValidateLocalCookies.LIBCMT ref: 004F2DE1
                        • __IsNonwritableInCurrentImage.LIBCMT ref: 004F2E0C
                        • _ValidateLocalCookies.LIBCMT ref: 004F2E61
                        Strings
                        Similarity
                        • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                        • String ID: &HO$csm
                        • API String ID: 1170836740-2191611358
                        • Opcode ID: 847a0a7976ca3c1a51fa812eef09ffa4c4aa22da08cbd87ac3c693ca265abcf3
                        • Instruction ID: fc3b0747c2aa1a5c47fd99ea1397562ffe5ba746849bfc7a2eaa4eabe65b55ef
                        • Opcode Fuzzy Hash: 847a0a7976ca3c1a51fa812eef09ffa4c4aa22da08cbd87ac3c693ca265abcf3
                        • Instruction Fuzzy Hash: AA41E534A0020DABCF10DF69C945ABFBFB4BF44318F148056EA14AB392D7B99A05CB95
                        APIs
                        • LoadIconW.USER32(00000000,00007F03), ref: 0053C913
                        Strings
                        Similarity
                        • API ID: IconLoad
                        • String ID: blank$info$question$stop$warning
                        • API String ID: 2457776203-404129466
                        • Opcode ID: 5312fcd399ea5763ab5fae5990d4b75238413b10469a7cb8138a903017f55606
                        • Instruction ID: 2d376b9da8df78a5d195a673af03fbd7db4de4c1074a9063191f62e552f816bc
                        • Opcode Fuzzy Hash: 5312fcd399ea5763ab5fae5990d4b75238413b10469a7cb8138a903017f55606
                        • Instruction Fuzzy Hash: 8411EB3378930ABAAB019B959C82DAB7F9CFF15758F11046FF500B6182DBA47F005368
                        APIs
                        Strings
                        Similarity
                        • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                        • String ID: 0.0.0.0
                        • API String ID: 642191829-3771769585
                        • Opcode ID: c783d63b7e98958c78fbe1a5e6e57a4e2b65de47dd42c03a973fbbd64b60486d
                        • Instruction ID: bf302ad0399fd4e2bc0818408cf1f908906fd9721ecf4d7d0e252febe3131620
                        • Opcode Fuzzy Hash: c783d63b7e98958c78fbe1a5e6e57a4e2b65de47dd42c03a973fbbd64b60486d
                        • Instruction Fuzzy Hash: 1F113671900108AFCB20AB35AC0AEFF7FBCEF50714F00016EF14597091EFB48A85AA60
                        APIs
                        Similarity
                        • API ID: _wcslen$LocalTime
                        • String ID:
                        • API String ID: 952045576-0
                        • Opcode ID: 281a5e5bf8d55b33a1653191615612c78224e335f63bed7cf8a41691f752b621
                        • Instruction ID: ba23eedd817ccd18295d3233942ba2a6fc6dd9540c82bd2d643c7d3a23fba876
                        • Opcode Fuzzy Hash: 281a5e5bf8d55b33a1653191615612c78224e335f63bed7cf8a41691f752b621
                        • Instruction Fuzzy Hash: 0C41B065D1021C75CB11EBB5888A9DFB7ACAF45700F41886BE618E3162FB38E245C3E9
                        APIs
                        • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0052682C,00000004,00000000,00000000), ref: 004EF953
                        • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0052682C,00000004,00000000,00000000), ref: 0052F3D1
                        • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0052682C,00000004,00000000,00000000), ref: 0052F454
                        Similarity
                        • API ID: ShowWindow
                        • String ID:
                        • API String ID: 1268545403-0
                        • Opcode ID: f792da4d619328bcd2ae90111fb606ba75a4755bb7367b9ec7fdad55ed924359
                        • Instruction ID: f77ce468b7b06bcd49de4e5f356a323a53f617c2bce05fe987b87850fb0d30c6
                        • Opcode Fuzzy Hash: f792da4d619328bcd2ae90111fb606ba75a4755bb7367b9ec7fdad55ed924359
                        • Instruction Fuzzy Hash: 22412B701046C0BAC7349B2E988873B7EA1BF66315F15483EE0C7576A2C6799489DB15
                        APIs
                        • DeleteObject.GDI32(00000000), ref: 00562D1B
                        • GetDC.USER32(00000000), ref: 00562D23
                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00562D2E
                        • ReleaseDC.USER32(00000000,00000000), ref: 00562D3A
                        • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00562D76
                        • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00562D87
                        • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00565A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00562DC2
                        • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00562DE1
                        Similarity
                        • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                        • String ID:
                        • API String ID: 3864802216-0
                        • Opcode ID: c28c067d1bf0b67a4526f6d59e80afcdddbd7278e34190e6c5c627d7d8351a7c
                        • Instruction ID: 477a96b4fb6c935eecedbd620472373e9e49447a7656f6d745ccde6278113709
                        • Opcode Fuzzy Hash: c28c067d1bf0b67a4526f6d59e80afcdddbd7278e34190e6c5c627d7d8351a7c
                        • Instruction Fuzzy Hash: E0317872201614BBEB218F58CC8AFBB3FA9FB19715F044055FE489B291C6B59C45CBA4
                        APIs
                        Similarity
                        • API ID: _memcmp
                        • String ID:
                        • API String ID: 2931989736-0
                        • Opcode ID: 7cffc5d5e4f21c9a2304156f7e34656f5a9ab38eedbad18931b059bfa1dc499e
                        • Instruction ID: 860c9126bcbbb18f39dd8d0b42035f2fd1f2399d026ffc67dad13b2e2c670935
                        • Opcode Fuzzy Hash: 7cffc5d5e4f21c9a2304156f7e34656f5a9ab38eedbad18931b059bfa1dc499e
                        • Instruction Fuzzy Hash: D121C9B1B48A09B7F21455219D83FFA3B5DBF20388F841025FE059B991F724ED20C2E9
                        Strings
                        Similarity
                        • API ID:
                        • String ID: NULL Pointer assignment$Not an Object type
                        • API String ID: 0-572801152
                        • Opcode ID: ee213a53875cfb756a1f65503c17cc3d3a8b9b7204529aa769627e8bfef59c7e
                        • Instruction ID: 74bab189d93ad6b9242869de2dfa060f734af102c253408e59176028b6dfe74e
                        • Opcode Fuzzy Hash: ee213a53875cfb756a1f65503c17cc3d3a8b9b7204529aa769627e8bfef59c7e
                        • Instruction Fuzzy Hash: DAD1E571A0060A9FDF10CF98C8A5BAEBBB5FF48345F14846AED15AB290E770DD49CB50
                        APIs
                        • GetCPInfo.KERNEL32(?,?), ref: 005115CE
                        • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00511651
                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 005116E4
                        • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 005116FB
                          • Part of subcall function 00503820: RtlAllocateHeap.NTDLL(00000000,?,005A1444,?,004EFDF5,?,?,004DA976,00000010,005A1440,004D13FC,?,004D13C6,?,004D1129), ref: 00503852
                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00511777
                        • __freea.LIBCMT ref: 005117A2
                        • __freea.LIBCMT ref: 005117AE
                        Similarity
                        • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                        • String ID:
                        • API String ID: 2829977744-0
                        • Opcode ID: 786d102704904a99057d62632e5f3ca69852f9dc1be1d609ad43c98cee2cf1bc
                        • Instruction ID: d88f8f42bf7f63e2f2bcef69d48249e3eb8b38cb55374b21297d9814ead45bd6
                        • Opcode Fuzzy Hash: 786d102704904a99057d62632e5f3ca69852f9dc1be1d609ad43c98cee2cf1bc
                        • Instruction Fuzzy Hash: 4A91C671E006169AEB209E74CD85AEE7FB6FF49310F194699EA01E7281D735CC84CB68
                        APIs
                        Strings
                        Similarity
                        • API ID: Variant$ClearInit
                        • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                        • API String ID: 2610073882-625585964
                        • Opcode ID: 30046a3ba8a1eacf83d6f93176c4275c5cce48b142171a54523a9a69079f4e86
                        • Instruction ID: 857104abfe7e1c83a783f6e026be525127a5d84939a7a790cdd4248305372dce
                        • Opcode Fuzzy Hash: 30046a3ba8a1eacf83d6f93176c4275c5cce48b142171a54523a9a69079f4e86
                        • Instruction Fuzzy Hash: F4919671910215ABDF20CFA5C854FAE7FB8FF45719F10855AF905AB180D7709989CF90
                        APIs
                        • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0054125C
                        • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00541284
                        • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 005412A8
                        • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 005412D8
                        • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0054135F
                        • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 005413C4
                        • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00541430
                        Similarity
                        • API ID: ArraySafe$Data$Access$UnaccessVartype
                        • String ID:
                        • API String ID: 2550207440-0
                        • Opcode ID: a6c95d0838fd63832912932e6355e2b168717f034219065ad980d1748cdcf33e
                        • Instruction ID: 98ad5c4bdb364e23b508cac755883dc7beb319193989b56156db3f464ecaea88
                        • Opcode Fuzzy Hash: a6c95d0838fd63832912932e6355e2b168717f034219065ad980d1748cdcf33e
                        • Instruction Fuzzy Hash: 26911575A006099FDB00DF99C884BFEBBB5FF44319F10442AE540EB291D7B8A985CB98
                        Similarity
                        • API ID: ObjectSelect$BeginCreatePath
                        • String ID:
                        • API String ID: 3225163088-0
                        • Opcode ID: 3e3269c20f2244593beba370ef9247d0cefacf57523b5ea9b4fa9f28b257d356
                        • Instruction ID: 5936d91c1fde2e46a1a5cb671d517563935aae3141813a74a47992eafd9c1e95
                        • Opcode Fuzzy Hash: 3e3269c20f2244593beba370ef9247d0cefacf57523b5ea9b4fa9f28b257d356
                        • Instruction Fuzzy Hash: 12912671904219EFCB10CFAACC84AEEBBB8FF49320F14455AE515B7291D778AD42CB64
                        APIs
                        • VariantInit.OLEAUT32(?), ref: 0055396B
                        • CharUpperBuffW.USER32(?,?), ref: 00553A7A
                        • _wcslen.LIBCMT ref: 00553A8A
                        • VariantClear.OLEAUT32(?), ref: 00553C1F
                          • Part of subcall function 00540CDF: VariantInit.OLEAUT32(00000000), ref: 00540D1F
                          • Part of subcall function 00540CDF: VariantCopy.OLEAUT32(?,?), ref: 00540D28
                          • Part of subcall function 00540CDF: VariantClear.OLEAUT32(?), ref: 00540D34
                        Strings
                        Similarity
                        • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                        • String ID: AUTOIT.ERROR$Incorrect Parameter format
                        • API String ID: 4137639002-1221869570
                        • Opcode ID: 2eb5147b944ab6af522e4350ffadfc9d81a2ab20a763dd60e12195751d16111d
                        • Instruction ID: 85509519731b8b63235dc43fb04c6d33cffb988f796edcda22f5445f5867e2c9
                        • Opcode Fuzzy Hash: 2eb5147b944ab6af522e4350ffadfc9d81a2ab20a763dd60e12195751d16111d
                        • Instruction Fuzzy Hash: BC919C746083059FC700DF25C4A486ABBE4FF88359F14892EF88987351DB35EE49CB82
                        APIs
                          • Part of subcall function 0053000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0052FF41,80070057,?,?,?,0053035E), ref: 0053002B
                          • Part of subcall function 0053000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0052FF41,80070057,?,?), ref: 00530046
                          • Part of subcall function 0053000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0052FF41,80070057,?,?), ref: 00530054
                          • Part of subcall function 0053000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0052FF41,80070057,?), ref: 00530064
                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00554C51
                        • _wcslen.LIBCMT ref: 00554D59
                        • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00554DCF
                        • CoTaskMemFree.OLE32(?), ref: 00554DDA
                        Strings
                        Similarity
                        • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                        • String ID: NULL Pointer assignment
                        • API String ID: 614568839-2785691316
                        • Opcode ID: 39743d936c804c103acb29add8e121a29bd863a957dde21fd3d85001095e50c4
                        • Instruction ID: f43743a0258e3fa42c2f45767f253795a4ba9509b9c031e15dce92d449dfedb2
                        • Opcode Fuzzy Hash: 39743d936c804c103acb29add8e121a29bd863a957dde21fd3d85001095e50c4
                        • Instruction Fuzzy Hash: 24914971D0021D9FDF14DFA4D8A1AEEBBB8BF48308F10456AE915A7291DB749E48CF60
                        APIs
                        • GetMenu.USER32(?), ref: 00562183
                        • GetMenuItemCount.USER32(00000000), ref: 005621B5
                        • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 005621DD
                        • _wcslen.LIBCMT ref: 00562213
                        • GetMenuItemID.USER32(?,?), ref: 0056224D
                        • GetSubMenu.USER32(?,?), ref: 0056225B
                          • Part of subcall function 00533A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00533A57
                          • Part of subcall function 00533A3D: GetCurrentThreadId.KERNEL32 ref: 00533A5E
                          • Part of subcall function 00533A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,005325B3), ref: 00533A65
                        • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 005622E3
                          • Part of subcall function 0053E97B: Sleep.KERNEL32 ref: 0053E9F3
                        Similarity
                        • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                        • String ID:
                        • API String ID: 4196846111-0
                        APIs
                        • IsWindow.USER32(00D559F0), ref: 00567F37
                        • IsWindowEnabled.USER32(00D559F0), ref: 00567F43
                        • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0056801E
                        • SendMessageW.USER32(00D559F0,000000B0,?,?), ref: 00568051
                        • IsDlgButtonChecked.USER32(?,?), ref: 00568089
                        • GetWindowLongW.USER32(00D559F0,000000EC), ref: 005680AB
                        • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 005680C3
                        Similarity
                        • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                        • String ID:
                        • API String ID: 4072528602-0
                        APIs
                        • GetParent.USER32(?), ref: 0053AEF9
                        • GetKeyboardState.USER32(?), ref: 0053AF0E
                        • SetKeyboardState.USER32(?), ref: 0053AF6F
                        • PostMessageW.USER32(?,00000101,00000010,?), ref: 0053AF9D
                        • PostMessageW.USER32(?,00000101,00000011,?), ref: 0053AFBC
                        • PostMessageW.USER32(?,00000101,00000012,?), ref: 0053AFFD
                        • PostMessageW.USER32(?,00000101,0000005B,?), ref: 0053B020
                        Similarity
                        • API ID: MessagePost$KeyboardState$Parent
                        • String ID:
                        • API String ID: 87235514-0
                        APIs
                        • GetParent.USER32(00000000), ref: 0053AD19
                        • GetKeyboardState.USER32(?), ref: 0053AD2E
                        • SetKeyboardState.USER32(?), ref: 0053AD8F
                        • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0053ADBB
                        • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0053ADD8
                        • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0053AE17
                        • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0053AE38
                        Similarity
                        • API ID: MessagePost$KeyboardState$Parent
                        • String ID:
                        • API String ID: 87235514-0
                        APIs
                        • GetConsoleCP.KERNEL32(00513CD6,?,?,?,?,?,?,?,?,00505BA3,?,?,00513CD6,?,?), ref: 00505470
                        • __fassign.LIBCMT ref: 005054EB
                        • __fassign.LIBCMT ref: 00505506
                        • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00513CD6,00000005,00000000,00000000), ref: 0050552C
                        • WriteFile.KERNEL32(?,00513CD6,00000000,00505BA3,00000000,?,?,?,?,?,?,?,?,?,00505BA3,?), ref: 0050554B
                        • WriteFile.KERNEL32(?,?,00000001,00505BA3,00000000,?,?,?,?,?,?,?,?,?,00505BA3,?), ref: 00505584
                        Similarity
                        • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                        • String ID:
                        • API String ID: 1324828854-0
                        APIs
                          • Part of subcall function 0055304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0055307A
                          • Part of subcall function 0055304E: _wcslen.LIBCMT ref: 0055309B
                        • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00551112
                        • WSAGetLastError.WSOCK32 ref: 00551121
                        • WSAGetLastError.WSOCK32 ref: 005511C9
                        • closesocket.WSOCK32(00000000), ref: 005511F9
                        Similarity
                        • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                        • String ID:
                        • API String ID: 2675159561-0
                        APIs
                          • Part of subcall function 0053DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0053CF22,?), ref: 0053DDFD
                          • Part of subcall function 0053DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0053CF22,?), ref: 0053DE16
                        • lstrcmpiW.KERNEL32(?,?), ref: 0053CF45
                        • MoveFileW.KERNEL32(?,?), ref: 0053CF7F
                        • _wcslen.LIBCMT ref: 0053D005
                        • _wcslen.LIBCMT ref: 0053D01B
                        • SHFileOperationW.SHELL32(?), ref: 0053D061
                        Strings
                        Similarity
                        • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                        • String ID: \*.*
                        • API String ID: 3164238972-1173974218
                        APIs
                        • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00562E1C
                        • GetWindowLongW.USER32(?,000000F0), ref: 00562E4F
                        • GetWindowLongW.USER32(?,000000F0), ref: 00562E84
                        • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00562EB6
                        • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00562EE0
                        • GetWindowLongW.USER32(?,000000F0), ref: 00562EF1
                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00562F0B
                        Similarity
                        • API ID: LongWindow$MessageSend
                        • String ID:
                        • API String ID: 2178440468-0
                        APIs
                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00537769
                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0053778F
                        • SysAllocString.OLEAUT32(00000000), ref: 00537792
                        • SysAllocString.OLEAUT32(?), ref: 005377B0
                        • SysFreeString.OLEAUT32(?), ref: 005377B9
                        • StringFromGUID2.OLE32(?,?,00000028), ref: 005377DE
                        • SysAllocString.OLEAUT32(?), ref: 005377EC
                        Similarity
                        • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                        • String ID:
                        • API String ID: 3761583154-0
                        APIs
                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00537842
                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00537868
                        • SysAllocString.OLEAUT32(00000000), ref: 0053786B
                        • SysAllocString.OLEAUT32 ref: 0053788C
                        • SysFreeString.OLEAUT32 ref: 00537895
                        • StringFromGUID2.OLE32(?,?,00000028), ref: 005378AF
                        • SysAllocString.OLEAUT32(?), ref: 005378BD
                        Similarity
                        • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                        • String ID:
                        • API String ID: 3761583154-0
                        APIs
                        • GetStdHandle.KERNEL32(0000000C), ref: 005404F2
                        • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0054052E
                        Strings
                        Similarity
                        • API ID: CreateHandlePipe
                        • String ID: nul
                        • API String ID: 1424370930-2873401336
                        APIs
                        • GetStdHandle.KERNEL32(000000F6), ref: 005405C6
                        • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00540601
                        Strings
                        Similarity
                        • API ID: CreateHandlePipe
                        • String ID: nul
                        • API String ID: 1424370930-2873401336
                        APIs
                          • Part of subcall function 004D600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 004D604C
                          • Part of subcall function 004D600E: GetStockObject.GDI32(00000011), ref: 004D6060
                          • Part of subcall function 004D600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 004D606A
                        • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00564112
                        • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0056411F
                        • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0056412A
                        • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00564139
                        • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00564145
                        Strings
                        Similarity
                        • API ID: MessageSend$CreateObjectStockWindow
                        • String ID: Msctls_Progress32
                        • API String ID: 1025951953-3636473452
                        APIs
                          • Part of subcall function 0050D7A3: _free.LIBCMT ref: 0050D7CC
                        • _free.LIBCMT ref: 0050D82D
                          • Part of subcall function 005029C8: HeapFree.KERNEL32(00000000,00000000,?,0050D7D1,00000000,00000000,00000000,00000000,?,0050D7F8,00000000,00000007,00000000,?,0050DBF5,00000000), ref: 005029DE
                          • Part of subcall function 005029C8: GetLastError.KERNEL32(00000000,?,0050D7D1,00000000,00000000,00000000,00000000,?,0050D7F8,00000000,00000007,00000000,?,0050DBF5,00000000,00000000), ref: 005029F0
                        • _free.LIBCMT ref: 0050D838
                        • _free.LIBCMT ref: 0050D843
                        • _free.LIBCMT ref: 0050D897
                        • _free.LIBCMT ref: 0050D8A2
                        • _free.LIBCMT ref: 0050D8AD
                        • _free.LIBCMT ref: 0050D8B8
                        Similarity
                        • API ID: _free$ErrorFreeHeapLast
                        • String ID:
                        • API String ID: 776569668-0
                        APIs
                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0053DA74
                        • LoadStringW.USER32(00000000), ref: 0053DA7B
                        • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0053DA91
                        • LoadStringW.USER32(00000000), ref: 0053DA98
                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0053DADC
                        Strings
                        • %s (%d) : ==> %s: %s %s, xrefs: 0053DAB9
                        Similarity
                        • API ID: HandleLoadModuleString$Message
                        • String ID: %s (%d) : ==> %s: %s %s
                        • API String ID: 4072794657-3128320259
                        APIs
                        • InterlockedExchange.KERNEL32(00D4D230,00D4D230), ref: 0054097B
                        • EnterCriticalSection.KERNEL32(00D4D210,00000000), ref: 0054098D
                        • TerminateThread.KERNEL32(?,000001F6), ref: 0054099B
                        • WaitForSingleObject.KERNEL32(?,000003E8), ref: 005409A9
                        • CloseHandle.KERNEL32(?), ref: 005409B8
                        • InterlockedExchange.KERNEL32(00D4D230,000001F6), ref: 005409C8
                        • LeaveCriticalSection.KERNEL32(00D4D210), ref: 005409CF
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                        • String ID:
                        • API String ID: 3495660284-0
                        • Opcode ID: 8a28f026f599b785289293c76b7a2408fd48e43a29412a09a4f96c6de8716472
                        • Instruction ID: c126ce1c720d881e0eff9ca3acca338e0eb115956a1ae767833e6fffbce75a92
                        • Opcode Fuzzy Hash: 8a28f026f599b785289293c76b7a2408fd48e43a29412a09a4f96c6de8716472
                        • Instruction Fuzzy Hash: A6F03131442502BBD7415FA8EE9CBE67F35FF11702F502015F281528A0C7B59469DFA0
                        APIs
                        • GetClientRect.USER32(?,?), ref: 004D5D30
                        • GetWindowRect.USER32(?,?), ref: 004D5D71
                        • ScreenToClient.USER32(?,?), ref: 004D5D99
                        • GetClientRect.USER32(?,?), ref: 004D5ED7
                        • GetWindowRect.USER32(?,?), ref: 004D5EF8
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: Rect$Client$Window$Screen
                        • String ID:
                        • API String ID: 1296646539-0
                        • Opcode ID: d60594f30f9a25ad6d30ea5b1aed2e7bb3423962122960468b44cccaef33cd7b
                        • Instruction ID: 32507f4ab6a044e79e25feaf3a71a45c44a957aa8e7d44baea00352e7d1fabe6
                        • Opcode Fuzzy Hash: d60594f30f9a25ad6d30ea5b1aed2e7bb3423962122960468b44cccaef33cd7b
                        • Instruction Fuzzy Hash: CAB16834A0068ADBDB10DFA8C4807EEBBF1FF58310F14951AE8A9D7350DB34AA91DB55
                        APIs
                        • __allrem.LIBCMT ref: 005000BA
                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 005000D6
                        • __allrem.LIBCMT ref: 005000ED
                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0050010B
                        • __allrem.LIBCMT ref: 00500122
                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00500140
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                        • String ID:
                        • API String ID: 1992179935-0
                        • Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                        • Instruction ID: 9c440908fa347867d2f6b820f3db02d33ae63b69940830b464445d014698db63
                        • Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                        • Instruction Fuzzy Hash: 4F810572A00B069BE7209E68CC85B6F7BA9BF81724F24453BF651D72C1E774D9408794
                        APIs
                          • Part of subcall function 00553149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,0055101C,00000000,?,?,00000000), ref: 00553195
                        • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00551DC0
                        • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00551DE1
                        • WSAGetLastError.WSOCK32 ref: 00551DF2
                        • inet_ntoa.WSOCK32(?), ref: 00551E8C
                        • htons.WSOCK32(?,?,?,?,?), ref: 00551EDB
                        • _strlen.LIBCMT ref: 00551F35
                          • Part of subcall function 005339E8: _strlen.LIBCMT ref: 005339F2
                          • Part of subcall function 004D6D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,004ECF58,?,?,?), ref: 004D6DBA
                          • Part of subcall function 004D6D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,004ECF58,?,?,?), ref: 004D6DED
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
                        • String ID:
                        • API String ID: 1923757996-0
                        • Opcode ID: 7f25acd1206c63de392ed08c3d00e7ea3a2ff5a47579340bebccc5bf76ec1110
                        • Instruction ID: 6a44e12c002161f147176b8954171c9f9501d81452fdecedafa97044104b9678
                        • Opcode Fuzzy Hash: 7f25acd1206c63de392ed08c3d00e7ea3a2ff5a47579340bebccc5bf76ec1110
                        • Instruction Fuzzy Hash: 4EA1E130204740AFC320DF25C8A5F2A7FA5BF84318F54894EF8565B2A2CB75ED4ACB95
                        APIs
                        • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,004F82D9,004F82D9,?,?,?,0050644F,00000001,00000001,8BE85006), ref: 00506258
                        • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0050644F,00000001,00000001,8BE85006,?,?,?), ref: 005062DE
                        • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 005063D8
                        • __freea.LIBCMT ref: 005063E5
                          • Part of subcall function 00503820: RtlAllocateHeap.NTDLL(00000000,?,005A1444,?,004EFDF5,?,?,004DA976,00000010,005A1440,004D13FC,?,004D13C6,?,004D1129), ref: 00503852
                        • __freea.LIBCMT ref: 005063EE
                        • __freea.LIBCMT ref: 00506413
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: ByteCharMultiWide__freea$AllocateHeap
                        • String ID:
                        • API String ID: 1414292761-0
                        • Opcode ID: 6515fbce2dfeab3d38e6cdcad19fc2a17eeaa50585958d373595f8e5315c12b2
                        • Instruction ID: 9435d59ffd1b0fd365f63530f126c98daabf77b00e33bff1f7196525dcbed6db
                        • Opcode Fuzzy Hash: 6515fbce2dfeab3d38e6cdcad19fc2a17eeaa50585958d373595f8e5315c12b2
                        • Instruction Fuzzy Hash: 7E51AE72A00216ABEB258F64DC85EAF7EA9FF84750F154A29F805DB1C0DB34DC64D6A0
                        APIs
                          • Part of subcall function 004D9CB3: _wcslen.LIBCMT ref: 004D9CBD
                          • Part of subcall function 0055C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0055B6AE,?,?), ref: 0055C9B5
                          • Part of subcall function 0055C998: _wcslen.LIBCMT ref: 0055C9F1
                          • Part of subcall function 0055C998: _wcslen.LIBCMT ref: 0055CA68
                          • Part of subcall function 0055C998: _wcslen.LIBCMT ref: 0055CA9E
                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0055BCCA
                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0055BD25
                        • RegCloseKey.ADVAPI32(00000000), ref: 0055BD6A
                        • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0055BD99
                        • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0055BDF3
                        • RegCloseKey.ADVAPI32(?), ref: 0055BDFF
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                        • String ID:
                        • API String ID: 1120388591-0
                        • Opcode ID: 5b1f0cacd40817da53ac212b7a20e962f74749a3be2c2dc8c7984bb162d98a5a
                        • Instruction ID: f026665220da2529024db685ea135d73b7a5492b7192072323a981bc60b1cf2d
                        • Opcode Fuzzy Hash: 5b1f0cacd40817da53ac212b7a20e962f74749a3be2c2dc8c7984bb162d98a5a
                        • Instruction Fuzzy Hash: 70818170208241AFD714DF14C8A9E2ABBF5FF84308F14495EF8554B2A2DB31ED49CB92
                        APIs
                        • VariantInit.OLEAUT32(00000035), ref: 0052F7B9
                        • SysAllocString.OLEAUT32(00000001), ref: 0052F860
                        • VariantCopy.OLEAUT32(0052FA64,00000000), ref: 0052F889
                        • VariantClear.OLEAUT32(0052FA64), ref: 0052F8AD
                        • VariantCopy.OLEAUT32(0052FA64,00000000), ref: 0052F8B1
                        • VariantClear.OLEAUT32(?), ref: 0052F8BB
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: Variant$ClearCopy$AllocInitString
                        • String ID:
                        • API String ID: 3859894641-0
                        • Opcode ID: 222652acd24cfc5c6d54109f2bec6605e0af2bc87c9089862dd1ed738848206e
                        • Instruction ID: 6c4cd17f39af26d362e3db538ee49dfa556dbf99b194abbd2f1bcf164ae33c4a
                        • Opcode Fuzzy Hash: 222652acd24cfc5c6d54109f2bec6605e0af2bc87c9089862dd1ed738848206e
                        • Instruction Fuzzy Hash: C051B631500321BACF10AB66F895B29BBB4FF56315B24547BE906DF2D1DB748C80C7AA
                        APIs
                          • Part of subcall function 004D7620: _wcslen.LIBCMT ref: 004D7625
                          • Part of subcall function 004D6B57: _wcslen.LIBCMT ref: 004D6B6A
                        • GetOpenFileNameW.COMDLG32(00000058), ref: 005494E5
                        • _wcslen.LIBCMT ref: 00549506
                        • _wcslen.LIBCMT ref: 0054952D
                        • GetSaveFileNameW.COMDLG32(00000058), ref: 00549585
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: _wcslen$FileName$OpenSave
                        • String ID: X
                        • API String ID: 83654149-3081909835
                        • Opcode ID: 97e0efc13d3212d06310aceda46c19f347d3bf0996826601f0da3fb974b18bd4
                        • Instruction ID: d362b53e2846bcc0782dd697850c349172e32ac9e7df9ec6c471f4a3b9a0fa4a
                        • Opcode Fuzzy Hash: 97e0efc13d3212d06310aceda46c19f347d3bf0996826601f0da3fb974b18bd4
                        • Instruction Fuzzy Hash: 24E1B4315083409FD714DF25C492AABBBE0BF85318F14896EF8899B3A2DB35DD05CB96
                        APIs
                          • Part of subcall function 004E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 004E9BB2
                        • BeginPaint.USER32(?,?,?), ref: 004E9241
                        • GetWindowRect.USER32(?,?), ref: 004E92A5
                        • ScreenToClient.USER32(?,?), ref: 004E92C2
                        • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 004E92D3
                        • EndPaint.USER32(?,?,?,?,?), ref: 004E9321
                        • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 005271EA
                          • Part of subcall function 004E9339: BeginPath.GDI32(00000000), ref: 004E9357
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                        • String ID:
                        • API String ID: 3050599898-0
                        • Opcode ID: 20192bc8b71a71f94b78d139ca34a1651fafaea7fa0004a6c2202a855659bd55
                        • Instruction ID: 349641952a8ca17f264d2a99fda75b09ff0ccfb6044c6854b1d10350f325088e
                        • Opcode Fuzzy Hash: 20192bc8b71a71f94b78d139ca34a1651fafaea7fa0004a6c2202a855659bd55
                        • Instruction Fuzzy Hash: 2E41D130104240AFD710DF25D884FBB7BA8FF5A321F10066AF9A4872E1C7749C49EB66
                        APIs
                        • InterlockedExchange.KERNEL32(?,000001F5), ref: 0054080C
                        • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00540847
                        • EnterCriticalSection.KERNEL32(?), ref: 00540863
                        • LeaveCriticalSection.KERNEL32(?), ref: 005408DC
                        • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 005408F3
                        • InterlockedExchange.KERNEL32(?,000001F6), ref: 00540921
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                        • String ID:
                        • API String ID: 3368777196-0
                        • Opcode ID: 55781ff2767d3811326a056912f684acbe490e0406d06e764699c7f4741eb135
                        • Instruction ID: 5457f96bd94bc034acc58e546d8476103b7b26b1b07eda84a1aa5d3df4584fed
                        • Opcode Fuzzy Hash: 55781ff2767d3811326a056912f684acbe490e0406d06e764699c7f4741eb135
                        • Instruction Fuzzy Hash: 4B419C31900205EBDF04AF59DC85AAA7B78FF44304F1040A9EE009B297DB74EE64DBA4
                        APIs
                        • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0052F3AB,00000000,?,?,00000000,?,0052682C,00000004,00000000,00000000), ref: 0056824C
                        • EnableWindow.USER32(?,00000000), ref: 00568272
                        • ShowWindow.USER32(FFFFFFFF,00000000), ref: 005682D1
                        • ShowWindow.USER32(?,00000004), ref: 005682E5
                        • EnableWindow.USER32(?,00000001), ref: 0056830B
                        • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0056832F
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: Window$Show$Enable$MessageSend
                        • String ID:
                        • API String ID: 642888154-0
                        • Opcode ID: ab63097c01c27164a02b56ce3232bc801fce3c9e137a369e769c18e0532de553
                        • Instruction ID: bcb15576038450a3a165721d09a3a24cb695f2af7ad8d9a7d832fb1ea165d041
                        • Opcode Fuzzy Hash: ab63097c01c27164a02b56ce3232bc801fce3c9e137a369e769c18e0532de553
                        • Instruction Fuzzy Hash: 7141D334601A40AFDB21CF19CCA9BF47FE0FB1AB14F1803A9E5484F2A2CB31A845DB44
                        APIs
                        • IsWindowVisible.USER32(?), ref: 00534C95
                        • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00534CB2
                        • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00534CEA
                        • _wcslen.LIBCMT ref: 00534D08
                        • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00534D10
                        • _wcsstr.LIBVCRUNTIME ref: 00534D1A
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                        • String ID:
                        • API String ID: 72514467-0
                        • Opcode ID: 64b71f85e075c149007a5f8dedce2d68c57bcb1471c820ddd4c612203697afbc
                        • Instruction ID: b279e90878e6d364c4308131ea1a6dd0c09d2334b156b7019427b7631c6255be
                        • Opcode Fuzzy Hash: 64b71f85e075c149007a5f8dedce2d68c57bcb1471c820ddd4c612203697afbc
                        • Instruction Fuzzy Hash: A221D472204244BBEB159B3EEC49E7B7F9CEF45750F10842EF805CE191EAB5EC019AA4
                        APIs
                          • Part of subcall function 004D3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,004D3A97,?,?,004D2E7F,?,?,?,00000000), ref: 004D3AC2
                        • _wcslen.LIBCMT ref: 0054587B
                        • CoInitialize.OLE32(00000000), ref: 00545995
                        • CoCreateInstance.OLE32(0056FCF8,00000000,00000001,0056FB68,?), ref: 005459AE
                        • CoUninitialize.OLE32 ref: 005459CC
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                        • String ID: .lnk
                        • API String ID: 3172280962-24824748
                        • Opcode ID: b9ca1b2046a3983cc8753a0573f0bca0e355c6bb79d84568aefdc24b91ee3a7f
                        • Instruction ID: 0997fefe0b82995c51b01bda556fbaef7b6e048bb28a6252d5395d98cf2a42f8
                        • Opcode Fuzzy Hash: b9ca1b2046a3983cc8753a0573f0bca0e355c6bb79d84568aefdc24b91ee3a7f
                        • Instruction Fuzzy Hash: 8FD165716087019FC714DF25C49096ABBE1FF89718F14495EF88A9B362EB31EC45CB92
                        APIs
                          • Part of subcall function 00530FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00530FCA
                          • Part of subcall function 00530FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00530FD6
                          • Part of subcall function 00530FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00530FE5
                          • Part of subcall function 00530FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00530FEC
                          • Part of subcall function 00530FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00531002
                        • GetLengthSid.ADVAPI32(?,00000000,00531335), ref: 005317AE
                        • GetProcessHeap.KERNEL32(00000008,00000000), ref: 005317BA
                        • HeapAlloc.KERNEL32(00000000), ref: 005317C1
                        • CopySid.ADVAPI32(00000000,00000000,?), ref: 005317DA
                        • GetProcessHeap.KERNEL32(00000000,00000000,00531335), ref: 005317EE
                        • HeapFree.KERNEL32(00000000), ref: 005317F5
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                        • String ID:
                        • API String ID: 3008561057-0
                        APIs
                        • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 005314FF
                        • OpenProcessToken.ADVAPI32(00000000), ref: 00531506
                        • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00531515
                        • CloseHandle.KERNEL32(00000004), ref: 00531520
                        • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0053154F
                        • DestroyEnvironmentBlock.USERENV(00000000), ref: 00531563
                        Similarity
                        • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                        • String ID:
                        • API String ID: 1413079979-0
                        APIs
                        • GetLastError.KERNEL32(?,?,004F3379,004F2FE5), ref: 004F3390
                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 004F339E
                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 004F33B7
                        • SetLastError.KERNEL32(00000000,?,004F3379,004F2FE5), ref: 004F3409
                        Similarity
                        • API ID: ErrorLastValue___vcrt_
                        • String ID:
                        • API String ID: 3852720340-0
                        APIs
                        • GetLastError.KERNEL32(?,?,00505686,00513CD6,?,00000000,?,00505B6A,?,?,?,?,?,004FE6D1,?,00598A48), ref: 00502D78
                        • _free.LIBCMT ref: 00502DAB
                        • _free.LIBCMT ref: 00502DD3
                        • SetLastError.KERNEL32(00000000,?,?,?,?,004FE6D1,?,00598A48,00000010,004D4F4A,?,?,00000000,00513CD6), ref: 00502DE0
                        • SetLastError.KERNEL32(00000000,?,?,?,?,004FE6D1,?,00598A48,00000010,004D4F4A,?,?,00000000,00513CD6), ref: 00502DEC
                        • _abort.LIBCMT ref: 00502DF2
                        Similarity
                        • API ID: ErrorLast$_free$_abort
                        • String ID:
                        • API String ID: 3160817290-0
                        APIs
                          • Part of subcall function 004E9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 004E9693
                          • Part of subcall function 004E9639: SelectObject.GDI32(?,00000000), ref: 004E96A2
                          • Part of subcall function 004E9639: BeginPath.GDI32(?), ref: 004E96B9
                          • Part of subcall function 004E9639: SelectObject.GDI32(?,00000000), ref: 004E96E2
                        • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00568A4E
                        • LineTo.GDI32(?,00000003,00000000), ref: 00568A62
                        • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00568A70
                        • LineTo.GDI32(?,00000000,00000003), ref: 00568A80
                        • EndPath.GDI32(?), ref: 00568A90
                        • StrokePath.GDI32(?), ref: 00568AA0
                        Similarity
                        • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                        • String ID:
                        • API String ID: 43455801-0
                        APIs
                        • GetDC.USER32(00000000), ref: 00535218
                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 00535229
                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00535230
                        • ReleaseDC.USER32(00000000,00000000), ref: 00535238
                        • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0053524F
                        • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00535261
                        Similarity
                        • API ID: CapsDevice$Release
                        • String ID:
                        • API String ID: 1035833867-0
                        APIs
                        • MapVirtualKeyW.USER32(0000005B,00000000), ref: 004D1BF4
                        • MapVirtualKeyW.USER32(00000010,00000000), ref: 004D1BFC
                        • MapVirtualKeyW.USER32(000000A0,00000000), ref: 004D1C07
                        • MapVirtualKeyW.USER32(000000A1,00000000), ref: 004D1C12
                        • MapVirtualKeyW.USER32(00000011,00000000), ref: 004D1C1A
                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 004D1C22
                        Similarity
                        • API ID: Virtual
                        • String ID:
                        • API String ID: 4278518827-0
                        APIs
                        • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0053EB30
                        • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0053EB46
                        • GetWindowThreadProcessId.USER32(?,?), ref: 0053EB55
                        • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0053EB64
                        • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0053EB6E
                        • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0053EB75
                        Similarity
                        • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                        • String ID:
                        • API String ID: 839392675-0
                        APIs
                        • GetClientRect.USER32(?), ref: 00527452
                        • SendMessageW.USER32(?,00001328,00000000,?), ref: 00527469
                        • GetWindowDC.USER32(?), ref: 00527475
                        • GetPixel.GDI32(00000000,?,?), ref: 00527484
                        • ReleaseDC.USER32(?,00000000), ref: 00527496
                        • GetSysColor.USER32(00000005), ref: 005274B0
                        Similarity
                        • API ID: ClientColorMessagePixelRectReleaseSendWindow
                        • String ID:
                        • API String ID: 272304278-0
                        APIs
                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0053187F
                        • UnloadUserProfile.USERENV(?,?), ref: 0053188B
                        • CloseHandle.KERNEL32(?), ref: 00531894
                        • CloseHandle.KERNEL32(?), ref: 0053189C
                        • GetProcessHeap.KERNEL32(00000000,?), ref: 005318A5
                        • HeapFree.KERNEL32(00000000), ref: 005318AC
                        Similarity
                        • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                        • String ID:
                        • API String ID: 146765662-0
                        APIs
                        • __Init_thread_footer.LIBCMT ref: 004DBEB3
                        Strings
                        Similarity
                        • API ID: Init_thread_footer
                        • String ID: D%Z$D%Z$D%Z$D%ZD%Z
                        • API String ID: 1385522511-2844297650
                        APIs
                          • Part of subcall function 004F0242: EnterCriticalSection.KERNEL32(005A070C,005A1884,?,?,004E198B,005A2518,?,?,?,004D12F9,00000000), ref: 004F024D
                          • Part of subcall function 004F0242: LeaveCriticalSection.KERNEL32(005A070C,?,004E198B,005A2518,?,?,?,004D12F9,00000000), ref: 004F028A
                          • Part of subcall function 004D9CB3: _wcslen.LIBCMT ref: 004D9CBD
                          • Part of subcall function 004F00A3: __onexit.LIBCMT ref: 004F00A9
                        • __Init_thread_footer.LIBCMT ref: 00557BFB
                          • Part of subcall function 004F01F8: EnterCriticalSection.KERNEL32(005A070C,?,?,004E8747,005A2514), ref: 004F0202
                          • Part of subcall function 004F01F8: LeaveCriticalSection.KERNEL32(005A070C,?,004E8747,005A2514), ref: 004F0235
                        Strings
                        Similarity
                        • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                        • String ID: +TR$5$G$Variable must be of type 'Object'.
                        • API String ID: 535116098-3682120210
                        APIs
                          • Part of subcall function 004D7620: _wcslen.LIBCMT ref: 004D7625
                        • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0053C6EE
                        • _wcslen.LIBCMT ref: 0053C735
                        • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0053C79C
                        • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0053C7CA
                        Strings
                        Similarity
                        • API ID: ItemMenu$Info_wcslen$Default
                        • String ID: 0
                        • API String ID: 1227352736-4108050209
                        APIs
                        • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00537206
                        • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0053723C
                        • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0053724D
                        • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 005372CF
                        Strings
                        Similarity
                        • API ID: ErrorMode$AddressCreateInstanceProc
                        • String ID: DllGetClassObject
                        • API String ID: 753597075-1075368562
                        APIs
                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00563E35
                        • IsMenu.USER32(?), ref: 00563E4A
                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00563E92
                        • DrawMenuBar.USER32 ref: 00563EA5
                        Strings
                        Similarity
                        • API ID: Menu$Item$DrawInfoInsert
                        • String ID: 0
                        • API String ID: 3076010158-4108050209
                        APIs
                          • Part of subcall function 004D9CB3: _wcslen.LIBCMT ref: 004D9CBD
                          • Part of subcall function 00533CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00533CCA
                        • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00531E66
                        • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00531E79
                        • SendMessageW.USER32(?,00000189,?,00000000), ref: 00531EA9
                          • Part of subcall function 004D6B57: _wcslen.LIBCMT ref: 004D6B6A
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1638907280.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                        • Associated: 00000000.00000002.1638895918.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1638983395.0000000000592000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639111124.000000000059C000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1639123823.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d0000_file.jbxd
                        Similarity
                        • API ID: MessageSend$_wcslen$ClassName
                        • String ID: ComboBox$ListBox
                        • API String ID: 2081771294-1403004172
                        • Opcode ID: 138f88caa13e2f5749ff03f2701a9c09c03bad90e1b6d7f2e4b11cb106133297
                        • Instruction ID: 4dd5fe9dce94f9d62a48b44033b69bae98eb804da0d5163656928672d4325ca6
                        • Opcode Fuzzy Hash: 138f88caa13e2f5749ff03f2701a9c09c03bad90e1b6d7f2e4b11cb106133297
                        • Instruction Fuzzy Hash: 09212371A00104AEDB14AB79DC59CFFBFBDEF41394F10411AF821A72E0DB794D09A624
                        APIs
                        Strings
                        Similarity
                        • API ID: _wcslen
                        • String ID: HKEY_LOCAL_MACHINE$HKLM
                        • API String ID: 176396367-4004644295
                        • Opcode ID: e186269f21d61260b27c47a945d06eb8eac93415fd5a6f6103052687dce73013
                        • Instruction ID: 80be9d1d5e949e62f40f9dbd67c7a8d489c98aee12c81e530837f9447c64ec38
                        • Opcode Fuzzy Hash: e186269f21d61260b27c47a945d06eb8eac93415fd5a6f6103052687dce73013
                        • Instruction Fuzzy Hash: 5931E372A0066D4ECB20DE6DD8604BE3F917BA1796B05402BEC45AB245EA70CE48D3A0
                        APIs
                        • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00562F8D
                        • LoadLibraryW.KERNEL32(?), ref: 00562F94
                        • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00562FA9
                        • DestroyWindow.USER32(?), ref: 00562FB1
                        Strings
                        Similarity
                        • API ID: MessageSend$DestroyLibraryLoadWindow
                        • String ID: SysAnimate32
                        • API String ID: 3529120543-1011021900
                        • Opcode ID: 90c8b04c1765ec5741dd1148bd489b629bd6ae212c19f11ce1b24959e468aa8a
                        • Instruction ID: becb3f84ba62496f0120e6777d8a3809aa16882148efe3812e6c4d5d49d03e45
                        • Opcode Fuzzy Hash: 90c8b04c1765ec5741dd1148bd489b629bd6ae212c19f11ce1b24959e468aa8a
                        • Instruction Fuzzy Hash: 8D21DE71200605ABEB104FA8DC82EBBBBBDFF59368F104619F950D7190C7B1DC41A760
                        APIs
                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,004F4D1E,005028E9,?,004F4CBE,005028E9,005988B8,0000000C,004F4E15,005028E9,00000002), ref: 004F4D8D
                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004F4DA0
                        • FreeLibrary.KERNEL32(00000000,?,?,?,004F4D1E,005028E9,?,004F4CBE,005028E9,005988B8,0000000C,004F4E15,005028E9,00000002,00000000), ref: 004F4DC3
                        Strings
                        Similarity
                        • API ID: AddressFreeHandleLibraryModuleProc
                        • String ID: CorExitProcess$mscoree.dll
                        • API String ID: 4061214504-1276376045
                        • Opcode ID: 2b3969cba7ff0434cd637bedce52546f3829590c0b84e452d8edb08f1ba1521e
                        • Instruction ID: 94d3adedf8d201d486876a0227db018a774a969b3bd24ff75c0bed939f84ea12
                        • Opcode Fuzzy Hash: 2b3969cba7ff0434cd637bedce52546f3829590c0b84e452d8edb08f1ba1521e
                        • Instruction Fuzzy Hash: 49F08C30A00208ABDB149B94DC09BBEBFE4EB94712F0000AAE909A62A0CF745944EB94
                        APIs
                        • LoadLibraryA.KERNEL32(kernel32.dll,?,?,004D4EDD,?,005A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004D4E9C
                        • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 004D4EAE
                        • FreeLibrary.KERNEL32(00000000,?,?,004D4EDD,?,005A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004D4EC0
                        Strings
                        Similarity
                        • API ID: Library$AddressFreeLoadProc
                        • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                        • API String ID: 145871493-3689287502
                        • Opcode ID: 05c751734f28366e5c8092c61bd2e4d30808a5aa977b143b60b2d1cd92044dee
                        • Instruction ID: 288ae124b65739e67755df63606efa6f0d6e97c9e14cd688fa693736cdc5d374
                        • Opcode Fuzzy Hash: 05c751734f28366e5c8092c61bd2e4d30808a5aa977b143b60b2d1cd92044dee
                        • Instruction Fuzzy Hash: 07E08635A016226BD22117296C28A7B6F58AFD3B637090117FC40D3310DFB4CD05D0A4
                        APIs
                        • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00513CDE,?,005A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004D4E62
                        • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 004D4E74
                        • FreeLibrary.KERNEL32(00000000,?,?,00513CDE,?,005A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004D4E87
                        Strings
                        Similarity
                        • API ID: Library$AddressFreeLoadProc
                        • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                        • API String ID: 145871493-1355242751
                        • Opcode ID: c5b1d8354925cc5d65c269b0055aeaf15bfa1ee0f6480665713762ceb4f155d3
                        • Instruction ID: 531c69bf506fb6be1c79e6ddfcf020da0832b223435576c82e15ee262d43cd51
                        • Opcode Fuzzy Hash: c5b1d8354925cc5d65c269b0055aeaf15bfa1ee0f6480665713762ceb4f155d3
                        • Instruction Fuzzy Hash: B7D0C231502661678A221B28AC28DAB2F18BFC6B613050213F840A7310CFB4CD01D5D4
                        APIs
                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00542C05
                        • DeleteFileW.KERNEL32(?), ref: 00542C87
                        • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00542C9D
                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00542CAE
                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00542CC0
                        Similarity
                        • API ID: File$Delete$Copy
                        • String ID:
                        • API String ID: 3226157194-0
                        • Opcode ID: 84df37eb9762ce42f42db7a57f9a691b5350b21d09ec1a3500825486dc8c5bae
                        • Instruction ID: c1250dafc9cdb8d0618e95418aa0a2c2b10e91921667ba5eb7ce792f0b7a1779
                        • Opcode Fuzzy Hash: 84df37eb9762ce42f42db7a57f9a691b5350b21d09ec1a3500825486dc8c5bae
                        • Instruction Fuzzy Hash: 19B16D71D00129ABDF11DBA5CC89EEEBB7DFF48308F4040AAF609E7141EA349A448F65
                        APIs
                        • GetCurrentProcessId.KERNEL32 ref: 0055A427
                        • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0055A435
                        • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0055A468
                        • CloseHandle.KERNEL32(?), ref: 0055A63D
                        Similarity
                        • API ID: Process$CloseCountersCurrentHandleOpen
                        • String ID:
                        • API String ID: 3488606520-0
                        • Opcode ID: 904e761f1c932701198e79a3a3365109dced628277654cadf47ccbe8def3597d
                        • Instruction ID: 2178315f83c157a79499dd73c50a2d8e228b8c8a856483ae2dcf07a57471a39a
                        • Opcode Fuzzy Hash: 904e761f1c932701198e79a3a3365109dced628277654cadf47ccbe8def3597d
                        • Instruction Fuzzy Hash: 4EA19F716043019FD720DF25C896B2ABBE1AF44718F14891EF99A9B3D2D7B4EC44CB92
                        APIs
                          • Part of subcall function 0053DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0053CF22,?), ref: 0053DDFD
                          • Part of subcall function 0053DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0053CF22,?), ref: 0053DE16
                          • Part of subcall function 0053E199: GetFileAttributesW.KERNEL32(?,0053CF95), ref: 0053E19A
                        • lstrcmpiW.KERNEL32(?,?), ref: 0053E473
                        • MoveFileW.KERNEL32(?,?), ref: 0053E4AC
                        • _wcslen.LIBCMT ref: 0053E5EB
                        • _wcslen.LIBCMT ref: 0053E603
                        • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0053E650
                        Similarity
                        • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                        • String ID:
                        • API String ID: 3183298772-0
                        • Opcode ID: c5f8767f2cc51c82db48e4add4bc1d4f667b81e1a9d26a00ddc6dc3ab9f2c182
                        • Instruction ID: 6ff42e61cd558f526d743e54ae1a6e38d3c5e7c1b46f7a2f68377d9c05160c12
                        • Opcode Fuzzy Hash: c5f8767f2cc51c82db48e4add4bc1d4f667b81e1a9d26a00ddc6dc3ab9f2c182
                        • Instruction Fuzzy Hash: 6A5183B25083455BC724EB90D892DEF7BECAF84344F00491FF689D3191EF75A588876A
                        APIs
                          • Part of subcall function 004D9CB3: _wcslen.LIBCMT ref: 004D9CBD
                          • Part of subcall function 0055C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0055B6AE,?,?), ref: 0055C9B5
                          • Part of subcall function 0055C998: _wcslen.LIBCMT ref: 0055C9F1
                          • Part of subcall function 0055C998: _wcslen.LIBCMT ref: 0055CA68
                          • Part of subcall function 0055C998: _wcslen.LIBCMT ref: 0055CA9E
                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0055BAA5
                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0055BB00
                        • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0055BB63
                        • RegCloseKey.ADVAPI32(?,?), ref: 0055BBA6
                        • RegCloseKey.ADVAPI32(00000000), ref: 0055BBB3
                        Similarity
                        • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                        • String ID:
                        • API String ID: 826366716-0
                        • Opcode ID: ce6aacce81d70fa05dce728a842826932250ef8e2206962515caa63fb904f665
                        • Instruction ID: 8d7b14a627b7d67571b5ad7a6997f69701776650bb296a9b45b4288685ab2197
                        • Opcode Fuzzy Hash: ce6aacce81d70fa05dce728a842826932250ef8e2206962515caa63fb904f665
                        • Instruction Fuzzy Hash: A761B431208241EFD714DF14C4A4E2ABBE5FF84358F14895EF4998B2A2DB31ED49CB92
                        APIs
                        • VariantInit.OLEAUT32(?), ref: 00538BCD
                        • VariantClear.OLEAUT32 ref: 00538C3E
                        • VariantClear.OLEAUT32 ref: 00538C9D
                        • VariantClear.OLEAUT32(?), ref: 00538D10
                        • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00538D3B
                        Similarity
                        • API ID: Variant$Clear$ChangeInitType
                        • String ID:
                        • API String ID: 4136290138-0
                        • Opcode ID: 31ad5a856025287944567f543c50551de6af55ee7216b47a36d28963a8be8566
                        • Instruction ID: 95a8d13aa59dba9adf8b2ab95eca74164ac4fc819b46691d3c9592b354317151
                        • Opcode Fuzzy Hash: 31ad5a856025287944567f543c50551de6af55ee7216b47a36d28963a8be8566
                        • Instruction Fuzzy Hash: 83515AB5A00219EFCB14CF68C894AAABBF8FF89314F158559F905DB350EB30E911CB90
                        APIs
                        • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00548BAE
                        • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00548BDA
                        • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00548C32
                        • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00548C57
                        • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00548C5F
                        Similarity
                        • API ID: PrivateProfile$SectionWrite$String
                        • String ID:
                        • API String ID: 2832842796-0
                        • Opcode ID: 994dec39184227db3aa58bd86742d4bfe3f7adee23c778897de4792475e05487
                        • Instruction ID: 889f9cd36a0bf6f786be1f84c744d4748aeaf71d4b363ae8d3c49ab889c52927
                        • Opcode Fuzzy Hash: 994dec39184227db3aa58bd86742d4bfe3f7adee23c778897de4792475e05487
                        • Instruction Fuzzy Hash: 85515B35A00215EFCB00DF65C890AADBBF5FF48318F08845AE849AB362DB35ED41CB95
                        APIs
                        • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00558F40
                        • GetProcAddress.KERNEL32(00000000,?), ref: 00558FD0
                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 00558FEC
                        • GetProcAddress.KERNEL32(00000000,?), ref: 00559032
                        • FreeLibrary.KERNEL32(00000000), ref: 00559052
                          • Part of subcall function 004EF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00541043,?,753CE610), ref: 004EF6E6
                          • Part of subcall function 004EF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0052FA64,00000000,00000000,?,?,00541043,?,753CE610,?,0052FA64), ref: 004EF70D
                        Similarity
                        • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                        • String ID:
                        • API String ID: 666041331-0
                        • Opcode ID: 8c83c2b009eafe7e051763bddc9d0455d8792881fe757db998abc76de7543b2a
                        • Instruction ID: 3c58ea36bdc7051ccf20b824140d288ab11d1b6418f3b695ba506fcbc8f71c6d
                        • Opcode Fuzzy Hash: 8c83c2b009eafe7e051763bddc9d0455d8792881fe757db998abc76de7543b2a
                        • Instruction Fuzzy Hash: 50515A35600245DFC700DF69C4A48ADBBF1FF49319B04809AEC0AAB362DB35ED89CB90
                        APIs
                        • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00566C33
                        • SetWindowLongW.USER32(?,000000EC,?), ref: 00566C4A
                        • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00566C73
                        • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0054AB79,00000000,00000000), ref: 00566C98
                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00566CC7
                        Similarity
                        • API ID: Window$Long$MessageSendShow
                        • String ID:
                        • API String ID: 3688381893-0
                        • Opcode ID: 44a482b4cb5151ca7f89eeb7c6e062d466b7d0f501d184f84dc6f7f723a7ee22
                        • Instruction ID: baa88f8a0bb7dd4747feb44e605d38b7d397fa14b5935e8b78eebf8a594e020a
                        • Opcode Fuzzy Hash: 44a482b4cb5151ca7f89eeb7c6e062d466b7d0f501d184f84dc6f7f723a7ee22
                        • Instruction Fuzzy Hash: 6341B235A04504AFEB24CF28CC58FBA7FA9FB09350F150269F895AB2E0C771ED41DA90
                        APIs
                        Similarity
                        • API ID: _free
                        • String ID:
                        • API String ID: 269201875-0
                        • Opcode ID: dc4d60cbe3fe9fc40c9ac3799a35ca44324507ac9784bd7e06527a5663679e09
                        • Instruction ID: 506251cdb2535ef206cc36b1250d5512528d9aa9436daf39d215a1e746012f9e
                        • Opcode Fuzzy Hash: dc4d60cbe3fe9fc40c9ac3799a35ca44324507ac9784bd7e06527a5663679e09
                        • Instruction Fuzzy Hash: E841D232A003009FCB24DF79C989A5DBBB5FF89314F1545A9EA15EB392DA31AD01CB90
                        APIs
                        • GetCursorPos.USER32(?), ref: 004E9141
                        • ScreenToClient.USER32(00000000,?), ref: 004E915E
                        • GetAsyncKeyState.USER32(00000001), ref: 004E9183
                        • GetAsyncKeyState.USER32(00000002), ref: 004E919D
                        Similarity
                        • API ID: AsyncState$ClientCursorScreen
                        • String ID:
                        • API String ID: 4210589936-0
                        APIs
                        • GetInputState.USER32 ref: 005438CB
                        • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00543922
                        • TranslateMessage.USER32(?), ref: 0054394B
                        • DispatchMessageW.USER32(?), ref: 00543955
                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00543966
                        Similarity
                        • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                        • String ID:
                        • API String ID: 2256411358-0
                        APIs
                        • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 0054CF38
                        • InternetReadFile.WININET(?,00000000,?,?), ref: 0054CF6F
                        • GetLastError.KERNEL32(?,00000000,?,?,?,0054C21E,00000000), ref: 0054CFB4
                        • SetEvent.KERNEL32(?,?,00000000,?,?,?,0054C21E,00000000), ref: 0054CFC8
                        • SetEvent.KERNEL32(?,?,00000000,?,?,?,0054C21E,00000000), ref: 0054CFF2
                        Similarity
                        • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                        • String ID:
                        • API String ID: 3191363074-0
                        APIs
                        • GetWindowRect.USER32(?,?), ref: 00531915
                        • PostMessageW.USER32(00000001,00000201,00000001), ref: 005319C1
                        • Sleep.KERNEL32(00000000,?,?,?), ref: 005319C9
                        • PostMessageW.USER32(00000001,00000202,00000000), ref: 005319DA
                        • Sleep.KERNEL32(00000000,?,?,?,?), ref: 005319E2
                        Similarity
                        • API ID: MessagePostSleep$RectWindow
                        • String ID:
                        • API String ID: 3382505437-0
                        APIs
                        • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00565745
                        • SendMessageW.USER32(?,00001074,?,00000001), ref: 0056579D
                        • _wcslen.LIBCMT ref: 005657AF
                        • _wcslen.LIBCMT ref: 005657BA
                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00565816
                        Similarity
                        • API ID: MessageSend$_wcslen
                        • String ID:
                        • API String ID: 763830540-0
                        APIs
                        • IsWindow.USER32(00000000), ref: 00550951
                        • GetForegroundWindow.USER32 ref: 00550968
                        • GetDC.USER32(00000000), ref: 005509A4
                        • GetPixel.GDI32(00000000,?,00000003), ref: 005509B0
                        • ReleaseDC.USER32(00000000,00000003), ref: 005509E8
                        Similarity
                        • API ID: Window$ForegroundPixelRelease
                        • String ID:
                        • API String ID: 4156661090-0
                        APIs
                        • GetEnvironmentStringsW.KERNEL32 ref: 0050CDC6
                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0050CDE9
                          • Part of subcall function 00503820: RtlAllocateHeap.NTDLL(00000000,?,005A1444,?,004EFDF5,?,?,004DA976,00000010,005A1440,004D13FC,?,004D13C6,?,004D1129), ref: 00503852
                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0050CE0F
                        • _free.LIBCMT ref: 0050CE22
                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0050CE31
                        Similarity
                        • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                        • String ID:
                        • API String ID: 336800556-0
                        APIs
                        • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 004E9693
                        • SelectObject.GDI32(?,00000000), ref: 004E96A2
                        • BeginPath.GDI32(?), ref: 004E96B9
                        • SelectObject.GDI32(?,00000000), ref: 004E96E2
                        Similarity
                        • API ID: ObjectSelect$BeginCreatePath
                        • String ID:
                        • API String ID: 3225163088-0
                        APIs
                        Similarity
                        • API ID: _memcmp
                        • String ID:
                        • API String ID: 2931989736-0
                        APIs
                        • GetLastError.KERNEL32(?,?,?,004FF2DE,00503863,005A1444,?,004EFDF5,?,?,004DA976,00000010,005A1440,004D13FC,?,004D13C6), ref: 00502DFD
                        • _free.LIBCMT ref: 00502E32
                        • _free.LIBCMT ref: 00502E59
                        • SetLastError.KERNEL32(00000000,004D1129), ref: 00502E66
                        • SetLastError.KERNEL32(00000000,004D1129), ref: 00502E6F
                        Similarity
                        • API ID: ErrorLast$_free
                        • String ID:
                        • API String ID: 3170660625-0
                        APIs
                        • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0052FF41,80070057,?,?,?,0053035E), ref: 0053002B
                        • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0052FF41,80070057,?,?), ref: 00530046
                        • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0052FF41,80070057,?,?), ref: 00530054
                        • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0052FF41,80070057,?), ref: 00530064
                        • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0052FF41,80070057,?,?), ref: 00530070
                        Similarity
                        • API ID: From$Prog$FreeStringTasklstrcmpi
                        • String ID:
                        • API String ID: 3897988419-0
                        APIs
                        • QueryPerformanceCounter.KERNEL32(?), ref: 0053E997
                        • QueryPerformanceFrequency.KERNEL32(?), ref: 0053E9A5
                        • Sleep.KERNEL32(00000000), ref: 0053E9AD
                        • QueryPerformanceCounter.KERNEL32(?), ref: 0053E9B7
                        • Sleep.KERNEL32 ref: 0053E9F3
                        Similarity
                        • API ID: PerformanceQuery$CounterSleep$Frequency
                        • String ID:
                        • API String ID: 2833360925-0
                        APIs
                        • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00531114
                        • GetLastError.KERNEL32(?,00000000,00000000,?,?,00530B9B,?,?,?), ref: 00531120
                        • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00530B9B,?,?,?), ref: 0053112F
                        • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00530B9B,?,?,?), ref: 00531136
                        • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0053114D
                        Similarity
                        • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                        • String ID:
                        • API String ID: 842720411-0
                        APIs
                        • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00530FCA
                        • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00530FD6
                        • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00530FE5
                        • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00530FEC
                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00531002
                        Similarity
                        • API ID: HeapInformationToken$AllocErrorLastProcess
                        • String ID:
                        • API String ID: 44706859-0
                        APIs
                        • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0053102A
                        • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00531036
                        • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00531045
                        • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0053104C
                        • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00531062
                        Similarity
                        • API ID: HeapInformationToken$AllocErrorLastProcess
                        • String ID:
                        • API String ID: 44706859-0
                        APIs
                        • CloseHandle.KERNEL32(?,?,?,?,0054017D,?,005432FC,?,00000001,00512592,?), ref: 00540324
                        • CloseHandle.KERNEL32(?,?,?,?,0054017D,?,005432FC,?,00000001,00512592,?), ref: 00540331
                        • CloseHandle.KERNEL32(?,?,?,?,0054017D,?,005432FC,?,00000001,00512592,?), ref: 0054033E
                        • CloseHandle.KERNEL32(?,?,?,?,0054017D,?,005432FC,?,00000001,00512592,?), ref: 0054034B
                        • CloseHandle.KERNEL32(?,?,?,?,0054017D,?,005432FC,?,00000001,00512592,?), ref: 00540358
                        • CloseHandle.KERNEL32(?,?,?,?,0054017D,?,005432FC,?,00000001,00512592,?), ref: 00540365
                        Similarity
                        • API ID: CloseHandle
                        • String ID:
                        • API String ID: 2962429428-0
                        • Opcode ID: c742d629f0474c99fa4c74a0c738b2e052e03e2f0f674ed9914a1d2b0a8d3f74
                        • Instruction ID: ae3bc987bc6f1b964f725f0786b82794edaedca3219810bf572253cbc0a87ed1
                        • Opcode Fuzzy Hash: c742d629f0474c99fa4c74a0c738b2e052e03e2f0f674ed9914a1d2b0a8d3f74
                        • Instruction Fuzzy Hash: 8901A272800B159FC7309F66D890456FBF5BF603193259E3FD29652971C3B1A958DF80
                        APIs
                        • _free.LIBCMT ref: 0050D752
                          • Part of subcall function 005029C8: HeapFree.KERNEL32(00000000,00000000,?,0050D7D1,00000000,00000000,00000000,00000000,?,0050D7F8,00000000,00000007,00000000,?,0050DBF5,00000000), ref: 005029DE
                          • Part of subcall function 005029C8: GetLastError.KERNEL32(00000000,?,0050D7D1,00000000,00000000,00000000,00000000,?,0050D7F8,00000000,00000007,00000000,?,0050DBF5,00000000,00000000), ref: 005029F0
                        • _free.LIBCMT ref: 0050D764
                        • _free.LIBCMT ref: 0050D776
                        • _free.LIBCMT ref: 0050D788
                        • _free.LIBCMT ref: 0050D79A
                        Similarity
                        • API ID: _free$ErrorFreeHeapLast
                        • String ID:
                        • API String ID: 776569668-0
                        • Opcode ID: 04a3a8ae7f5c64d2525b7041ab5592c614e7e0ead1ff7d72e81fc507f77e51b3
                        • Instruction ID: e2092867bcc6560988b524a17c7e3e8e0d5570470652bcc7bb01769b830cd660
                        • Opcode Fuzzy Hash: 04a3a8ae7f5c64d2525b7041ab5592c614e7e0ead1ff7d72e81fc507f77e51b3
                        • Instruction Fuzzy Hash: 3BF01232544205ABC621EBA8F9C9D1E7FEDFB94710BA50C06F049E7582C734FC8086B4
                        APIs
                        • GetDlgItem.USER32(?,000003E9), ref: 00535C58
                        • GetWindowTextW.USER32(00000000,?,00000100), ref: 00535C6F
                        • MessageBeep.USER32(00000000), ref: 00535C87
                        • KillTimer.USER32(?,0000040A), ref: 00535CA3
                        • EndDialog.USER32(?,00000001), ref: 00535CBD
                        Similarity
                        • API ID: BeepDialogItemKillMessageTextTimerWindow
                        • String ID:
                        • API String ID: 3741023627-0
                        • Opcode ID: da3aa4b884c549f761bc1e5a81687c1c8954a8b0eafcc64d9c089ef6d439b0c5
                        • Instruction ID: 356f4292660aacfc1259f10b74ee99d93d50b1254ece78bf9285607bc44bd5fc
                        • Opcode Fuzzy Hash: da3aa4b884c549f761bc1e5a81687c1c8954a8b0eafcc64d9c089ef6d439b0c5
                        • Instruction Fuzzy Hash: D0013B305007049BEB215B18DD4EFA57FB8FB14705F04255AE583614E1E7F4AD49DA54
                        APIs
                        • _free.LIBCMT ref: 005022BE
                          • Part of subcall function 005029C8: HeapFree.KERNEL32(00000000,00000000,?,0050D7D1,00000000,00000000,00000000,00000000,?,0050D7F8,00000000,00000007,00000000,?,0050DBF5,00000000), ref: 005029DE
                          • Part of subcall function 005029C8: GetLastError.KERNEL32(00000000,?,0050D7D1,00000000,00000000,00000000,00000000,?,0050D7F8,00000000,00000007,00000000,?,0050DBF5,00000000,00000000), ref: 005029F0
                        • _free.LIBCMT ref: 005022D0
                        • _free.LIBCMT ref: 005022E3
                        • _free.LIBCMT ref: 005022F4
                        • _free.LIBCMT ref: 00502305
                        Similarity
                        • API ID: _free$ErrorFreeHeapLast
                        • String ID:
                        • API String ID: 776569668-0
                        • Opcode ID: aa0d6fb396991ff87c843621eac04a161e3d6b4e98aee8a2c7fc89fe680b6893
                        • Instruction ID: f741cb6a5f9e9c189d51c23f60961512a51183a04998c4e804c8ce95be83dc19
                        • Opcode Fuzzy Hash: aa0d6fb396991ff87c843621eac04a161e3d6b4e98aee8a2c7fc89fe680b6893
                        • Instruction Fuzzy Hash: 43F030784105118FC612BF54BC0994C3F64BB7A750F511907F418D32F1C7304855BBA8
                        APIs
                        • EndPath.GDI32(?), ref: 004E95D4
                        • StrokeAndFillPath.GDI32(?,?,005271F7,00000000,?,?,?), ref: 004E95F0
                        • SelectObject.GDI32(?,00000000), ref: 004E9603
                        • DeleteObject.GDI32 ref: 004E9616
                        • StrokePath.GDI32(?), ref: 004E9631
                        Similarity
                        • API ID: Path$ObjectStroke$DeleteFillSelect
                        • String ID:
                        • API String ID: 2625713937-0
                        • Opcode ID: d62309460b467fa549c45e5f70c3ade94d6f9ecc46d1e80de902211acbd4788e
                        • Instruction ID: 4c9a787c31c4774197a17428fb9913db3a444b78a1f8bee8ee01f6c6d3141cad
                        • Opcode Fuzzy Hash: d62309460b467fa549c45e5f70c3ade94d6f9ecc46d1e80de902211acbd4788e
                        • Instruction Fuzzy Hash: E1F03C31005A48EFDB265F6AED1C77A3F61AB22372F048216F465561F0C7748999EF28
                        APIs
                        Strings
                        Similarity
                        • API ID: __freea$_free
                        • String ID: a/p$am/pm
                        • API String ID: 3432400110-3206640213
                        • Opcode ID: 179bd90e16194377b58c0d493c21e171e96e05b404b7743a498dd80ecdb924ab
                        • Instruction ID: 61b12664b03df518bf8421ec309b18d1ed8ac708c77ce207a2522214a0d19a8d
                        • Opcode Fuzzy Hash: 179bd90e16194377b58c0d493c21e171e96e05b404b7743a498dd80ecdb924ab
                        • Instruction Fuzzy Hash: 6CD10335900A06CBDB289F68C959BFEBFB1FF05300F284959E9419B6D0D3759D80CB9A
                        APIs
                          • Part of subcall function 004F0242: EnterCriticalSection.KERNEL32(005A070C,005A1884,?,?,004E198B,005A2518,?,?,?,004D12F9,00000000), ref: 004F024D
                          • Part of subcall function 004F0242: LeaveCriticalSection.KERNEL32(005A070C,?,004E198B,005A2518,?,?,?,004D12F9,00000000), ref: 004F028A
                          • Part of subcall function 004F00A3: __onexit.LIBCMT ref: 004F00A9
                        • __Init_thread_footer.LIBCMT ref: 00556238
                          • Part of subcall function 004F01F8: EnterCriticalSection.KERNEL32(005A070C,?,?,004E8747,005A2514), ref: 004F0202
                          • Part of subcall function 004F01F8: LeaveCriticalSection.KERNEL32(005A070C,?,004E8747,005A2514), ref: 004F0235
                          • Part of subcall function 0054359C: LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 005435E4
                          • Part of subcall function 0054359C: LoadStringW.USER32(005A2390,?,00000FFF,?), ref: 0054360A
                        Strings
                        Similarity
                        • API ID: CriticalSection$EnterLeaveLoadString$Init_thread_footer__onexit
                        • String ID: x#Z$x#Z$x#Z
                        • API String ID: 1072379062-2113269113
                        • Opcode ID: 9d5286af024639cca03615725578f7520d89ddf04cdc5abf0f8ab07e7f727810
                        • Instruction ID: 02b6f7e9a4900fd8ad3eb1da1175746812d10ea6c309faf4d572ceb8fc0ddecb
                        • Opcode Fuzzy Hash: 9d5286af024639cca03615725578f7520d89ddf04cdc5abf0f8ab07e7f727810
                        • Instruction Fuzzy Hash: 4DC19F71A00145AFCB14DF99C8A1EBEBBB9FF49304F50846AF9059B251EB74ED48CB90
                        Strings
                        Similarity
                        • API ID:
                        • String ID: JOM
                        • API String ID: 0-4257267683
                        • Opcode ID: df04b060de81cad67caa75c106c8f7c105f4ec0e3d7c240103e5505ac7212fd7
                        • Instruction ID: c47d36cb94713408d3ab8fe901fe47bbba4fcb2098ecf7cf1018ff39861edc34
                        • Opcode Fuzzy Hash: df04b060de81cad67caa75c106c8f7c105f4ec0e3d7c240103e5505ac7212fd7
                        • Instruction Fuzzy Hash: 8051DC71A00A0AAFDF219FA9C849ABFBFB8BF45314F14045AF405A72D1E6359E01DF61
                        APIs
                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 00508B6E
                        • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 00508B7A
                        • __dosmaperr.LIBCMT ref: 00508B81
                        Strings
                        Similarity
                        • API ID: ByteCharErrorLastMultiWide__dosmaperr
                        • String ID: .O
                        • API String ID: 2434981716-1338311375
                        • Opcode ID: 99df86b1954ce7da6a46306b86948149b1df48b6437310bdc5e42ea6592b1d73
                        • Instruction ID: c615c21299be7342f567a34f1e501f37716eee2e632f996ec949b3f210b65c2a
                        • Opcode Fuzzy Hash: 99df86b1954ce7da6a46306b86948149b1df48b6437310bdc5e42ea6592b1d73
                        • Instruction Fuzzy Hash: CD4146B0604155AFDB249F28C881E7D7FA6FF86314B2885AAF8C5976D2DE318C069790
                        APIs
                          • Part of subcall function 0053B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,005321D0,?,?,00000034,00000800,?,00000034), ref: 0053B42D
                        • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00532760
                          • Part of subcall function 0053B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,005321FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0053B3F8
                          • Part of subcall function 0053B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0053B355
                          • Part of subcall function 0053B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00532194,00000034,?,?,00001004,00000000,00000000), ref: 0053B365
                          • Part of subcall function 0053B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00532194,00000034,?,?,00001004,00000000,00000000), ref: 0053B37B
                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 005327CD
                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0053281A
                        Strings
                        Similarity
                        • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                        • String ID: @
                        • API String ID: 4150878124-2766056989
                        • Opcode ID: bfc73e03f8054485f2dd73e026e93424d680777892be680d6f269e7f511619e8
                        • Instruction ID: 33d52bf1a2e9827d94d3a89eb0b4a71b2ef5d18dc903a934217da71431d803a5
                        • Opcode Fuzzy Hash: bfc73e03f8054485f2dd73e026e93424d680777892be680d6f269e7f511619e8
                        • Instruction Fuzzy Hash: 75413B72900219BFDB10DBA8CD55AEEBBB8FF49700F104099FA55B7181DB706E45CBA0
                        APIs
                        • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00501769
                        • _free.LIBCMT ref: 00501834
                        • _free.LIBCMT ref: 0050183E
                        Strings
                        Similarity
                        • API ID: _free$FileModuleName
                        • String ID: C:\Users\user\Desktop\file.exe
                        • API String ID: 2506810119-1957095476
                        • Opcode ID: a5c40f8121a6736b5514336585d209f0cf50a847fe5dce742d7e3bb7278966e4
                        • Instruction ID: 677ac90f3b8bfc4a34fbeffee24eb51d39dcc43873047a6e69b57102d3a1490e
                        • Opcode Fuzzy Hash: a5c40f8121a6736b5514336585d209f0cf50a847fe5dce742d7e3bb7278966e4
                        • Instruction Fuzzy Hash: 5031AE75A00A18EBCB21DF999885DAEBFFCFF95310F1041AAF80497291D6708E44CB99
                        APIs
                        • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0053C306
                        • DeleteMenu.USER32(?,00000007,00000000), ref: 0053C34C
                        • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,005A1990,00D558D8), ref: 0053C395
                        Strings
                        Similarity
                        • API ID: Menu$Delete$InfoItem
                        • String ID: 0
                        • API String ID: 135850232-4108050209
                        • Opcode ID: 69c966693bcea654e95eb64c4b8e1005692f3efb1d26137cdedee381d95c12b1
                        • Instruction ID: d1d0f31f71d409592e84f961abfd4e7db832c15dbfe520d2d32135e47a3b65a1
                        • Opcode Fuzzy Hash: 69c966693bcea654e95eb64c4b8e1005692f3efb1d26137cdedee381d95c12b1
                        • Instruction Fuzzy Hash: E04180712043029FD720DF29D884B6ABFE4BF85314F148A1EF9A5E7291D770A904CB62
                        APIs
                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0056CC08,00000000,?,?,?,?), ref: 005644AA
                        • GetWindowLongW.USER32 ref: 005644C7
                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 005644D7
                        Strings
                        Similarity
                        • API ID: Window$Long
                        • String ID: SysTreeView32
                        • API String ID: 847901565-1698111956
                        • Opcode ID: 2add2ef5d97aa8f4517b95d2c16f528897cbc39b7bcafb04844fc8b568fb00ec
                        • Instruction ID: e97af85d44a9fac04b62bf959daf6087b33a0984f3dcb06e4872d418d2d1736b
                        • Opcode Fuzzy Hash: 2add2ef5d97aa8f4517b95d2c16f528897cbc39b7bcafb04844fc8b568fb00ec
                        • Instruction Fuzzy Hash: C5319C31210205ABDF218E38DC46BEA7BA9FB19328F204716F975931E0DB74AC909B50
                        APIs
                        • SysReAllocString.OLEAUT32(?,?), ref: 00536EED
                        • VariantCopyInd.OLEAUT32(?,?), ref: 00536F08
                        • VariantClear.OLEAUT32(?), ref: 00536F12
                        Strings
                        Similarity
                        • API ID: Variant$AllocClearCopyString
                        • String ID: *jS
                        • API String ID: 2173805711-2817235271
                        • Opcode ID: 8c541caeeaa99ae8161bf69c41ae9dea10363531839eb6c62ad62c7fc877bce8
                        • Instruction ID: 7fe4673858779a52fde40cc6f89a6ac0ae1ad5ff3944a0ec9a69747170129ed1
                        • Opcode Fuzzy Hash: 8c541caeeaa99ae8161bf69c41ae9dea10363531839eb6c62ad62c7fc877bce8
                        • Instruction Fuzzy Hash: A931B371604245EFCB06AF65E8609BD3B75FF85304F10489EF8064B3A1CB349951DBD5
                        APIs
                          • Part of subcall function 0055335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00553077,?,?), ref: 00553378
                        • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0055307A
                        • _wcslen.LIBCMT ref: 0055309B
                        • htons.WSOCK32(00000000,?,?,00000000), ref: 00553106
                        Strings
                        Similarity
                        • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                        • String ID: 255.255.255.255
                        • API String ID: 946324512-2422070025
                        • Opcode ID: 9a87457015d326e087ba5e1c8a204b9a76e3c6a1f7d071384bc75f7738e75d17
                        • Instruction ID: 5b70782a6f46f10667417bcb6110b4bf751655df3dc251940ad8d39086909f49
                        • Opcode Fuzzy Hash: 9a87457015d326e087ba5e1c8a204b9a76e3c6a1f7d071384bc75f7738e75d17
                        • Instruction Fuzzy Hash: 3731C4356003059FCB20CF69C495EAA7BE0FF54399F24845AED198B3A2DB71DE49C760
                        APIs
                        • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00563F40
                        • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00563F54
                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00563F78
                        Strings
                        Similarity
                        • API ID: MessageSend$Window
                        • String ID: SysMonthCal32
                        APIs
                        • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00564705
                        • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00564713
                        • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0056471A
                        Similarity
                        • API ID: MessageSend$DestroyWindow
                        • String ID: msctls_updown32
                        APIs
                        Similarity
                        • API ID: _wcslen
                        • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                        APIs
                        • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00563840
                        • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00563850
                        • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00563876
                        Similarity
                        • API ID: MessageSend$MoveWindow
                        • String ID: Listbox
                        APIs
                        • SetErrorMode.KERNEL32(00000001), ref: 00544A08
                        • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00544A5C
                        • SetErrorMode.KERNEL32(00000000,?,?,0056CC08), ref: 00544AD0
                        Similarity
                        • API ID: ErrorMode$InformationVolume
                        • String ID: %lu
                        APIs
                        • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0056424F
                        • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00564264
                        • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00564271
                        Similarity
                        • API ID: MessageSend
                        • String ID: msctls_trackbar32
                        APIs
                          • Part of subcall function 004D6B57: _wcslen.LIBCMT ref: 004D6B6A
                          • Part of subcall function 00532DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00532DC5
                          • Part of subcall function 00532DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00532DD6
                          • Part of subcall function 00532DA7: GetCurrentThreadId.KERNEL32 ref: 00532DDD
                          • Part of subcall function 00532DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00532DE4
                        • GetFocus.USER32 ref: 00532F78
                          • Part of subcall function 00532DEE: GetParent.USER32(00000000), ref: 00532DF9
                        • GetClassNameW.USER32(?,?,00000100), ref: 00532FC3
                        • EnumChildWindows.USER32(?,0053303B), ref: 00532FEB
                        Similarity
                        • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                        • String ID: %s%d
                        APIs
                        • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 005658C1
                        • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 005658EE
                        • DrawMenuBar.USER32(?), ref: 005658FD
                        Similarity
                        • API ID: Menu$InfoItem$Draw
                        • String ID: 0
                        APIs
                        • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 0052D3BF
                        • FreeLibrary.KERNEL32 ref: 0052D3E5
                        Similarity
                        • API ID: AddressFreeLibraryProc
                        • String ID: GetSystemWow64DirectoryW$X64
                        APIs
                        Similarity
                        • API ID: Variant$ClearInitInitializeUninitialize
                        APIs
                        • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0056FC08,?), ref: 005305F0
                        • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0056FC08,?), ref: 00530608
                        • CLSIDFromProgID.OLE32(?,?,00000000,0056CC40,000000FF,?,00000000,00000800,00000000,?,0056FC08,?), ref: 0053062D
                        • _memcmp.LIBVCRUNTIME ref: 0053064E
                        Similarity
                        • API ID: FromProg$FreeTask_memcmp
                        APIs
                        • CreateToolhelp32Snapshot.KERNEL32 ref: 0055A6AC
                        • Process32FirstW.KERNEL32(00000000,?), ref: 0055A6BA
                          • Part of subcall function 004D9CB3: _wcslen.LIBCMT ref: 004D9CBD
                        • Process32NextW.KERNEL32(00000000,?), ref: 0055A79C
                        • CloseHandle.KERNEL32(00000000), ref: 0055A7AB
                          • Part of subcall function 004ECE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00513303,?), ref: 004ECE8A
                        Similarity
                        • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                        APIs
                        Similarity
                        • API ID: _free
                        APIs
                        • GetWindowRect.USER32(?,?), ref: 005662E2
                        • ScreenToClient.USER32(?,?), ref: 00566315
                        • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00566382
                        Similarity
                        • API ID: Window$ClientMoveRectScreen
                        APIs
                        • socket.WSOCK32(00000002,00000002,00000011), ref: 00551AFD
                        • WSAGetLastError.WSOCK32 ref: 00551B0B
                        • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00551B8A
                        • WSAGetLastError.WSOCK32 ref: 00551B94
                        Similarity
                        • API ID: ErrorLast$socket
                        APIs
                        • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00545783
                        • GetLastError.KERNEL32(?,00000000), ref: 005457A9
                        • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 005457CE
                        • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 005457FA
                        Similarity
                        • API ID: CreateHardLink$DeleteErrorFileLast
                        • String ID:
                        • API String ID: 3321077145-0
                        APIs
                        • MultiByteToWideChar.KERNEL32(?,00000000,?,004F6D71,00000000,00000000,004F82D9,?,004F82D9,?,00000001,004F6D71,?,00000001,004F82D9,004F82D9), ref: 0050D910
                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0050D999
                        • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0050D9AB
                        • __freea.LIBCMT ref: 0050D9B4
                          • Part of subcall function 00503820: RtlAllocateHeap.NTDLL(00000000,?,005A1444,?,004EFDF5,?,?,004DA976,00000010,005A1440,004D13FC,?,004D13C6,?,004D1129), ref: 00503852
                        Similarity
                        • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                        • String ID:
                        • API String ID: 2652629310-0
                        APIs
                        • SendMessageW.USER32(?,00001024,00000000,?), ref: 00565352
                        • GetWindowLongW.USER32(?,000000F0), ref: 00565375
                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00565382
                        • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 005653A8
                        Similarity
                        • API ID: LongWindow$InvalidateMessageRectSend
                        • String ID:
                        • API String ID: 3340791633-0
                        APIs
                        • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 0053ABF1
                        • SetKeyboardState.USER32(00000080,?,00008000), ref: 0053AC0D
                        • PostMessageW.USER32(00000000,00000101,00000000), ref: 0053AC74
                        • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 0053ACC6
                        Similarity
                        • API ID: KeyboardState$InputMessagePostSend
                        • String ID:
                        • API String ID: 432972143-0
                        APIs
                        • ClientToScreen.USER32(?,?), ref: 0056769A
                        • GetWindowRect.USER32(?,?), ref: 00567710
                        • PtInRect.USER32(?,?,00568B89), ref: 00567720
                        • MessageBeep.USER32(00000000), ref: 0056778C
                        Similarity
                        • API ID: Rect$BeepClientMessageScreenWindow
                        • String ID:
                        • API String ID: 1352109105-0
                        APIs
                        • GetForegroundWindow.USER32 ref: 005616EB
                          • Part of subcall function 00533A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00533A57
                          • Part of subcall function 00533A3D: GetCurrentThreadId.KERNEL32 ref: 00533A5E
                          • Part of subcall function 00533A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,005325B3), ref: 00533A65
                        • GetCaretPos.USER32(?), ref: 005616FF
                        • ClientToScreen.USER32(00000000,?), ref: 0056174C
                        • GetForegroundWindow.USER32 ref: 00561752
                        Similarity
                        • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                        • String ID:
                        • API String ID: 2759813231-0
                        APIs
                          • Part of subcall function 004D7620: _wcslen.LIBCMT ref: 004D7625
                        • _wcslen.LIBCMT ref: 0053DFCB
                        • _wcslen.LIBCMT ref: 0053DFE2
                        • _wcslen.LIBCMT ref: 0053E00D
                        • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0053E018
                        Similarity
                        • API ID: _wcslen$ExtentPoint32Text
                        • String ID:
                        • API String ID: 3763101759-0
                        APIs
                          • Part of subcall function 004E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 004E9BB2
                        • GetCursorPos.USER32(?), ref: 00569001
                        • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00527711,?,?,?,?,?), ref: 00569016
                        • GetCursorPos.USER32(?), ref: 0056905E
                        • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00527711,?,?,?), ref: 00569094
                        Similarity
                        • API ID: Cursor$LongMenuPopupProcTrackWindow
                        • String ID:
                        • API String ID: 2864067406-0
                        APIs
                        • GetFileAttributesW.KERNEL32(?,0056CB68), ref: 0053D2FB
                        • GetLastError.KERNEL32 ref: 0053D30A
                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 0053D319
                        • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0056CB68), ref: 0053D376
                        Similarity
                        • API ID: CreateDirectory$AttributesErrorFileLast
                        • String ID:
                        • API String ID: 2267087916-0
                        APIs
                          • Part of subcall function 00531014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0053102A
                          • Part of subcall function 00531014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00531036
                          • Part of subcall function 00531014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00531045
                          • Part of subcall function 00531014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0053104C
                          • Part of subcall function 00531014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00531062
                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 005315BE
                        • _memcmp.LIBVCRUNTIME ref: 005315E1
                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00531617
                        • HeapFree.KERNEL32(00000000), ref: 0053161E
                        Similarity
                        • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                        • String ID:
                        • API String ID: 1592001646-0
                        APIs
                        • GetWindowLongW.USER32(?,000000EC), ref: 0056280A
                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00562824
                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00562832
                        • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00562840
                        Similarity
                        • API ID: Window$Long$AttributesLayered
                        • String ID:
                        • API String ID: 2169480361-0
                        APIs
                          • Part of subcall function 00538D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0053790A,?,000000FF,?,00538754,00000000,?,0000001C,?,?), ref: 00538D8C
                          • Part of subcall function 00538D7D: lstrcpyW.KERNEL32(00000000,?), ref: 00538DB2
                          • Part of subcall function 00538D7D: lstrcmpiW.KERNEL32(00000000,?,0053790A,?,000000FF,?,00538754,00000000,?,0000001C,?,?), ref: 00538DE3
                        • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00538754,00000000,?,0000001C,?,?,00000000), ref: 00537923
                        • lstrcpyW.KERNEL32(00000000,?), ref: 00537949
                        • lstrcmpiW.KERNEL32(00000002,cdecl,?,00538754,00000000,?,0000001C,?,?,00000000), ref: 00537984
                        Similarity
                        • API ID: lstrcmpilstrcpylstrlen
                        • String ID: cdecl
                        • API String ID: 4031866154-3896280584
                        APIs
                        • GetWindowLongW.USER32(?,000000F0), ref: 00567D0B
                        • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00567D2A
                        • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00567D42
                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0054B7AD,00000000), ref: 00567D6B
                          • Part of subcall function 004E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 004E9BB2
                        Similarity
                        • API ID: Window$Long
                        • String ID:
                        • API String ID: 847901565-0
                        APIs
                        • SendMessageW.USER32(?,00001060,?,00000004), ref: 005656BB
                        • _wcslen.LIBCMT ref: 005656CD
                        • _wcslen.LIBCMT ref: 005656D8
                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00565816
                        Similarity
                        • API ID: MessageSend_wcslen
                        • String ID:
                        • API String ID: 455545452-0
                        APIs
                        • SendMessageW.USER32(?,000000B0,?,?), ref: 00531A47
                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00531A59
                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00531A6F
                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00531A8A
                        Similarity
                        • API ID: MessageSend
                        • String ID:
                        • API String ID: 3850602802-0
                        APIs
                        • GetCurrentThreadId.KERNEL32 ref: 0053E1FD
                        • MessageBoxW.USER32(?,?,?,?), ref: 0053E230
                        • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0053E246
                        • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0053E24D
                        Similarity
                        • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                        • String ID:
                        • API String ID: 2880819207-0
                        APIs
                        • CreateThread.KERNEL32(00000000,?,004FCFF9,00000000,00000004,00000000), ref: 004FD218
                        • GetLastError.KERNEL32 ref: 004FD224
                        • __dosmaperr.LIBCMT ref: 004FD22B
                        • ResumeThread.KERNEL32(00000000), ref: 004FD249
                        Similarity
                        • API ID: Thread$CreateErrorLastResume__dosmaperr
                        • String ID:
                        • API String ID: 173952441-0
                        APIs
                          • Part of subcall function 004E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 004E9BB2
                        • GetClientRect.USER32(?,?), ref: 00569F31
                        • GetCursorPos.USER32(?), ref: 00569F3B
                        • ScreenToClient.USER32(?,?), ref: 00569F46
                        • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00569F7A
                        Similarity
                        • API ID: Client$CursorLongProcRectScreenWindow
                        • String ID:
                        • API String ID: 4127811313-0
                        APIs
                        • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 004D604C
                        • GetStockObject.GDI32(00000011), ref: 004D6060
                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 004D606A
                        Similarity
                        • API ID: CreateMessageObjectSendStockWindow
                        • String ID:
                        • API String ID: 3970641297-0
                        APIs
                        • ___BuildCatchObject.LIBVCRUNTIME ref: 004F3B56
                          • Part of subcall function 004F3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 004F3AD2
                          • Part of subcall function 004F3AA3: ___AdjustPointer.LIBCMT ref: 004F3AED
                        • _UnwindNestedFrames.LIBCMT ref: 004F3B6B
                        • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 004F3B7C
                        • CallCatchBlock.LIBVCRUNTIME ref: 004F3BA4
                        Similarity
                        • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                        • String ID:
                        • API String ID: 737400349-0
                        APIs
                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,004D13C6,00000000,00000000,?,0050301A,004D13C6,00000000,00000000,00000000,?,0050328B,00000006,FlsSetValue), ref: 005030A5
                        • GetLastError.KERNEL32(?,0050301A,004D13C6,00000000,00000000,00000000,?,0050328B,00000006,FlsSetValue,00572290,FlsSetValue,00000000,00000364,?,00502E46), ref: 005030B1
                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0050301A,004D13C6,00000000,00000000,00000000,?,0050328B,00000006,FlsSetValue,00572290,FlsSetValue,00000000), ref: 005030BF
                        Similarity
                        • API ID: LibraryLoad$ErrorLast
                        • String ID:
                        • API String ID: 3177248105-0
                        APIs
                        • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0053747F
                        • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00537497
                        • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 005374AC
                        • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 005374CA
                        Similarity
                        • API ID: Type$Register$FileLoadModuleNameUser
                        • String ID:
                        • API String ID: 1352324309-0
                        APIs
                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0053ACD3,?,00008000), ref: 0053B0C4
                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0053ACD3,?,00008000), ref: 0053B0E9
                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0053ACD3,?,00008000), ref: 0053B0F3
                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0053ACD3,?,00008000), ref: 0053B126
                        Similarity
                        • API ID: CounterPerformanceQuerySleep
                        • String ID:
                        • API String ID: 2875609808-0
                        APIs
                        • GetWindowRect.USER32(?,?), ref: 00567E33
                        • ScreenToClient.USER32(?,?), ref: 00567E4B
                        • ScreenToClient.USER32(?,?), ref: 00567E6F
                        • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00567E8A
                        Similarity
                        • API ID: ClientRectScreen$InvalidateWindow
                        • String ID:
                        • API String ID: 357397906-0
                        APIs
                        • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00532DC5
                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 00532DD6
                        • GetCurrentThreadId.KERNEL32 ref: 00532DDD
                        • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00532DE4
                        Similarity
                        • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                        • String ID:
                        • API String ID: 2710830443-0
                        APIs
                          • Part of subcall function 004E9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 004E9693
                          • Part of subcall function 004E9639: SelectObject.GDI32(?,00000000), ref: 004E96A2
                          • Part of subcall function 004E9639: BeginPath.GDI32(?), ref: 004E96B9
                          • Part of subcall function 004E9639: SelectObject.GDI32(?,00000000), ref: 004E96E2
                        • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00568887
                        • LineTo.GDI32(?,?,?), ref: 00568894
                        • EndPath.GDI32(?), ref: 005688A4
                        • StrokePath.GDI32(?), ref: 005688B2
                        Similarity
                        • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                        • String ID:
                        • API String ID: 1539411459-0
                        APIs
                        • GetSysColor.USER32(00000008), ref: 004E98CC
                        • SetTextColor.GDI32(?,?), ref: 004E98D6
                        • SetBkMode.GDI32(?,00000001), ref: 004E98E9
                        • GetStockObject.GDI32(00000005), ref: 004E98F1
                        Similarity
                        • API ID: Color$ModeObjectStockText
                        • String ID:
                        • API String ID: 4037423528-0
                        APIs
                        • GetCurrentThread.KERNEL32 ref: 00531634
                        • OpenThreadToken.ADVAPI32(00000000,?,?,?,005311D9), ref: 0053163B
                        • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,005311D9), ref: 00531648
                        • OpenProcessToken.ADVAPI32(00000000,?,?,?,005311D9), ref: 0053164F
                        Similarity
                        • API ID: CurrentOpenProcessThreadToken
                        • String ID:
                        • API String ID: 3974789173-0
                        APIs
                        • GetDesktopWindow.USER32 ref: 0052D858
                        • GetDC.USER32(00000000), ref: 0052D862
                        • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0052D882
                        • ReleaseDC.USER32(?), ref: 0052D8A3
                        Similarity
                        • API ID: CapsDesktopDeviceReleaseWindow
                        • String ID:
                        • API String ID: 2889604237-0
                        APIs
                        • GetDesktopWindow.USER32 ref: 0052D86C
                        • GetDC.USER32(00000000), ref: 0052D876
                        • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0052D882
                        • ReleaseDC.USER32(?), ref: 0052D8A3
                        Similarity
                        • API ID: CapsDesktopDeviceReleaseWindow
                        • String ID:
                        • API String ID: 2889604237-0
                        • Opcode ID: 48fc6e1998c94aaffcaef9a0ec9b1bc262af7ca1afd0b3fb54cf3716634d147d
                        • Instruction ID: 4b66a52766202f78b50b02763a9fbc6e0a31657ed5ba147c5a5f141ab33b83c7
                        • Opcode Fuzzy Hash: 48fc6e1998c94aaffcaef9a0ec9b1bc262af7ca1afd0b3fb54cf3716634d147d
                        • Instruction Fuzzy Hash: EBE01A74C00200DFCB409FA9D80C66DBFB1FB18315B14900AE88AE7250C7B85905AF44
                        APIs
                          • Part of subcall function 004D7620: _wcslen.LIBCMT ref: 004D7625
                        • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00544ED4
                        Strings
                        Similarity
                        • API ID: Connection_wcslen
                        • String ID: *$LPT
                        • API String ID: 1725874428-3443410124
                        APIs
                        • __startOneArgErrorHandling.LIBCMT ref: 004FE30D
                        Strings
                        Similarity
                        • API ID: ErrorHandling__start
                        • String ID: pow
                        • API String ID: 3213639722-2276729525
                        APIs
                        • CharUpperBuffW.USER32(0052569E,00000000,?,0056CC08,?,00000000,00000000), ref: 005578DD
                          • Part of subcall function 004D6B57: _wcslen.LIBCMT ref: 004D6B6A
                        • CharUpperBuffW.USER32(0052569E,00000000,?,0056CC08,00000000,?,00000000,00000000), ref: 0055783B
                        Strings
                        Similarity
                        • API ID: BuffCharUpper$_wcslen
                        • String ID: <sY
                        • API String ID: 3544283678-3298100867
                        Strings
                        Similarity
                        • API ID:
                        • String ID: #
                        • API String ID: 0-1885708031
                        APIs
                        • Sleep.KERNEL32(00000000), ref: 004EF2A2
                        • GlobalMemoryStatusEx.KERNEL32(?), ref: 004EF2BB
                        Strings
                        Similarity
                        • API ID: GlobalMemorySleepStatus
                        • String ID: @
                        • API String ID: 2783356886-2766056989
                        APIs
                        • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 005557E0
                        • _wcslen.LIBCMT ref: 005557EC
                        Strings
                        Similarity
                        • API ID: BuffCharUpper_wcslen
                        • String ID: CALLARGARRAY
                        • API String ID: 157775604-1150593374
                        APIs
                        • _wcslen.LIBCMT ref: 0054D130
                        • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0054D13A
                        Strings
                        Similarity
                        • API ID: CrackInternet_wcslen
                        • String ID: |
                        • API String ID: 596671847-2343686810
                        APIs
                        • DestroyWindow.USER32(?,?,?,?), ref: 00563621
                        • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0056365C
                        Strings
                        Similarity
                        • API ID: Window$DestroyMove
                        • String ID: static
                        • API String ID: 2139405536-2160076837
                        APIs
                        • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0056461F
                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00564634
                        Strings
                        Similarity
                        • API ID: MessageSend
                        • String ID: '
                        • API String ID: 3850602802-1997036262
                        APIs
                        • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0056327C
                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00563287
                        Strings
                        Similarity
                        • API ID: MessageSend
                        • String ID: Combobox
                        • API String ID: 3850602802-2096851135
                        APIs
                          • Part of subcall function 004D600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 004D604C
                          • Part of subcall function 004D600E: GetStockObject.GDI32(00000011), ref: 004D6060
                          • Part of subcall function 004D600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 004D606A
                        • GetWindowRect.USER32(00000000,?), ref: 0056377A
                        • GetSysColor.USER32(00000012), ref: 00563794
                        Strings
                        Similarity
                        • API ID: Window$ColorCreateMessageObjectRectSendStock
                        • String ID: static
                        • API String ID: 1983116058-2160076837
                        APIs
                        • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0054CD7D
                        • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0054CDA6
                        Strings
                        Similarity
                        • API ID: Internet$OpenOption
                        • String ID: <local>
                        • API String ID: 942729171-4266983199
                        APIs
                        • GetWindowTextLengthW.USER32(00000000), ref: 005634AB
                        • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 005634BA
                        Strings
                        Similarity
                        • API ID: LengthMessageSendTextWindow
                        • String ID: edit
                        • API String ID: 2978978980-2167791130
                        APIs
                          • Part of subcall function 004D9CB3: _wcslen.LIBCMT ref: 004D9CBD
                        • CharUpperBuffW.USER32(?,?,?), ref: 00536CB6
                        • _wcslen.LIBCMT ref: 00536CC2
                        Strings
                        Similarity
                        • API ID: _wcslen$BuffCharUpper
                        • String ID: STOP
                        • API String ID: 1256254125-2411985666
                        APIs
                          • Part of subcall function 004D9CB3: _wcslen.LIBCMT ref: 004D9CBD
                          • Part of subcall function 00533CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00533CCA
                        • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00531D4C
                        Strings
                        Similarity
                        • API ID: ClassMessageNameSend_wcslen
                        • String ID: ComboBox$ListBox
                        • API String ID: 624084870-1403004172
                        APIs
                          • Part of subcall function 004D9CB3: _wcslen.LIBCMT ref: 004D9CBD
                          • Part of subcall function 00533CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00533CCA
                        • SendMessageW.USER32(?,00000180,00000000,?), ref: 00531C46
                        Strings
                        Similarity
                        • API ID: ClassMessageNameSend_wcslen
                        • String ID: ComboBox$ListBox
                        • API String ID: 624084870-1403004172
                        APIs
                          • Part of subcall function 004D9CB3: _wcslen.LIBCMT ref: 004D9CBD
                          • Part of subcall function 00533CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00533CCA
                        • SendMessageW.USER32(?,00000182,?,00000000), ref: 00531CC8
                        Strings
                        Similarity
                        • API ID: ClassMessageNameSend_wcslen
                        • String ID: ComboBox$ListBox
                        • API String ID: 624084870-1403004172
                        APIs
                        • __Init_thread_footer.LIBCMT ref: 004EA529
                          • Part of subcall function 004D9CB3: _wcslen.LIBCMT ref: 004D9CBD
                        Similarity
                        • API ID: Init_thread_footer_wcslen
                        • String ID: ,%Z$3yR
                        • API String ID: 2551934079-3260440254
                        APIs
                          • Part of subcall function 004D9CB3: _wcslen.LIBCMT ref: 004D9CBD
                          • Part of subcall function 00533CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00533CCA
                        • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00531DD3
                        Similarity
                        • API ID: ClassMessageNameSend_wcslen
                        • String ID: ComboBox$ListBox
                        • API String ID: 624084870-1403004172
                        APIs
                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,005A3018,005A305C), ref: 005681BF
                        • CloseHandle.KERNEL32 ref: 005681D1
                        Similarity
                        • API ID: CloseCreateHandleProcess
                        • String ID: \0Z
                        • API String ID: 3712363035-3458171103
                        APIs
                        Similarity
                        • API ID: _wcslen
                        • String ID: 3, 3, 16, 1
                        • API String ID: 176396367-3042988571
                        APIs
                        • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00530B23
                        Similarity
                        • API ID: Message
                        • String ID: AutoIt$Error allocating memory.
                        • API String ID: 2030045667-4017498283
                        APIs
                          • Part of subcall function 004EF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,004F0D71,?,?,?,004D100A), ref: 004EF7CE
                        • IsDebuggerPresent.KERNEL32(?,?,?,004D100A), ref: 004F0D75
                        • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,004D100A), ref: 004F0D84
                        Strings
                        • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 004F0D7F
                        Similarity
                        • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                        • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                        • API String ID: 55579361-631824599
                        APIs
                        • __Init_thread_footer.LIBCMT ref: 004EE3D5
                        Similarity
                        • API ID: Init_thread_footer
                        • String ID: 0%Z$8%Z
                        • API String ID: 1385522511-1990778255
                        APIs
                        • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0054302F
                        • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00543044
                        Similarity
                        • API ID: Temp$FileNamePath
                        • String ID: aut
                        • API String ID: 3285503233-3010740371
                        APIs
                        Similarity
                        • API ID: LocalTime
                        • String ID: %.3d$X64
                        • API String ID: 481472006-1077770165
                        APIs
                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0056236C
                        • PostMessageW.USER32(00000000), ref: 00562373
                          • Part of subcall function 0053E97B: Sleep.KERNEL32 ref: 0053E9F3
                        Similarity
                        • API ID: FindMessagePostSleepWindow
                        • String ID: Shell_TrayWnd
                        • API String ID: 529655941-2988720461
                        APIs
                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0056232C
                        • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0056233F
                          • Part of subcall function 0053E97B: Sleep.KERNEL32 ref: 0053E9F3
                        Similarity
                        • API ID: FindMessagePostSleepWindow
                        • String ID: Shell_TrayWnd
                        • API String ID: 529655941-2988720461
                        APIs
                        • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 0050BE93
                        • GetLastError.KERNEL32 ref: 0050BEA1
                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0050BEFC
                        Similarity
                        • API ID: ByteCharMultiWide$ErrorLast
                        • String ID:
                        • API String ID: 1717984340-0