Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1504638
MD5: b4a9996ec8d5882c8f42789ef25e16db
SHA1: e04944a9991a0dbff3d5e0c338ccb500ed15041f
SHA256: 9d1074158889499aaec70b85fe6c4841dcc8ce54be9aef57282ad3f3d238c63c
Tags: exe
Infos:

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 7280 cmdline: "C:\Users\user\Desktop\file.exe" MD5: B4A9996EC8D5882C8F42789EF25E16DB)
    • msedge.exe (PID: 7316 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 7708 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=2116,i,5697632899249799717,866239524462977966,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • firefox.exe (PID: 7336 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 7472 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 7556 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8532 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2272 -parentBuildID 20230927232528 -prefsHandle 2212 -prefMapHandle 2204 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16868626-3d9f-465a-aaa9-6931ccbc0913} 7556 "\\.\pipe\gecko-crash-server-pipe.7556" 1ddb6a71110 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 9224 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4212 -parentBuildID 20230927232528 -prefsHandle 4580 -prefMapHandle 4576 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ad1efa2-3999-46d3-ace3-54c6a65f0c8c} 7556 "\\.\pipe\gecko-crash-server-pipe.7556" 1ddc96ebd10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • msedge.exe (PID: 7900 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8184 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2788 --field-trial-handle=2180,i,1321310978485618246,11663088203499436801,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8992 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6584 --field-trial-handle=2180,i,1321310978485618246,11663088203499436801,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9052 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6676 --field-trial-handle=2180,i,1321310978485618246,11663088203499436801,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9624 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7000 --field-trial-handle=2180,i,1321310978485618246,11663088203499436801,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9632 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7528 --field-trial-handle=2180,i,1321310978485618246,11663088203499436801,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9872 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7336 --field-trial-handle=2180,i,1321310978485618246,11663088203499436801,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9060 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5504 --field-trial-handle=2180,i,1321310978485618246,11663088203499436801,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: file.exe, Virustotal: Detection: 29%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.9% probability
Source: file.exe, Joe Sandbox ML: detected
Source: file.exe, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49737 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49742 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49771 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49778 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.222.236.80:443 -> 192.168.2.5:49781 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49779 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.222.236.80:443 -> 192.168.2.5:49782 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49787 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49785 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49786 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49789 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49792 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49793 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49794 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49795 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49796 version: TLS 1.2
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000006.00000003.2432296124.000001DDC8700000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000006.00000003.2432296124.000001DDC8700000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.dr
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AEDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00AEDBBE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00ABC2A2 FindFirstFileExW,0_2_00ABC2A2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF68EE FindFirstFileW,FindClose,0_2_00AF68EE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00AF698F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AED076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00AED076
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AED3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00AED3A9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00AF9642
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00AF979D
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00AF9B2B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00AF5C97
Source: firefox.exeMemory has grown: Private usage: 1MB later: 95MB
Source: Joe Sandbox ViewIP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox ViewIP Address: 152.195.19.97 152.195.19.97
Source: Joe Sandbox ViewIP Address: 162.159.61.3 162.159.61.3
Source: Joe Sandbox ViewIP Address: 40.71.99.188 40.71.99.188
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox ViewJA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.80.78
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.176.206
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AFCE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_00AFCE44
Source: global trafficHTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-177113503&timestamp=1725514201632 HTTP/1.1Host: accounts.youtube.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1726118998&P2=404&P3=2&P4=eLDtVxmfG1Q64N1BD3nyCCMmDkB4nBBSE6BOA7YMzXRdneEco8ojkqMX3gy7Jp4GGpHC27OsTdKCuCYOJ7LLJA%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: Fgp+FIPJav5XMirZw9vb0zSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: NID=517=OOQmkBGkOU0r5eyCPs_Z5MljZ5QUYSxRCCszJEgsOrbtqKRWW7490iA6aKew1GjCaEew6AgaPRr9U5O7Jd_7lRkeqDp78ST6ktgycCYlp8Hki9A5IQct5IhLB2_cz3FrrJBb1e5ZwkeEX8GtxqR6st-t7v7lR4r3Ptg4afIuucU
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ProductCategoriesSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=pXv2DxRdKyLrMnt&MD=+Dl1oAV+ HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=pXv2DxRdKyLrMnt&MD=+Dl1oAV+ HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: firefox.exe, 00000006.00000003.2661310999.000001DDC6F53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2423626454.000001DDC6F53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2173300473.000001DDC6F53000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000006.00000003.2661310999.000001DDC6F53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2423626454.000001DDC6F53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2173300473.000001DDC6F53000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: 99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.dr String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: 000003.log7.8.dr String found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
Source: 000003.log7.8.dr String found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
Source: 000003.log7.8.dr String found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000006.00000003.2173187517.000001DDC6F7C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: [new-tab page HTML markup omitted] equals www.twitter.com (Twitter)
Source: firefox.exe, 00000006.00000003.2661310999.000001DDC6F53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2148864564.000001DDC7FDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2423626454.000001DDC6F53000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000006.00000003.2211535632.000001DDC58D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2430308820.000001DDC58D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2379320923.000001DDC58D9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: [new-tab page HTML markup omitted]
Source: firefox.exe, 00000006.00000003.2661453805.000001DDC58D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2678753730.000001DDC58D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: [new-tab page HTML markup omitted]
Source: firefox.exe, 00000006.00000003.2661310999.000001DDC6F53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2148864564.000001DDC7FDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2423626454.000001DDC6F53000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000006.00000003.2424586574.000001DDC7F9A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2149350584.000001DDC7F61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2424586574.000001DDC7F55000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: 3bdb28f7-d3aa-4347-a85d-d35ff2229023.tmp.9.dr String found in binary or memory: [http_server_properties JSON dump omitted] equals www.youtube.com (Youtube)
Source: 65a3b3e5-f385-420a-9b59-05177f093bac.tmp.9.dr String found in binary or memory: [http_server_properties JSON dump omitted] equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: example.org
Source: global traffic DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: services.addons.mozilla.org
Source: global traffic DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: unknown HTTP traffic detected: POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
Source: firefox.exe, 00000006.00000003.2378832344.000001DDC718C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2172399627.000001DDC718C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2429772270.000001DDC718C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmp String found in binary or memory: http://127.0.0.1:
Source: firefox.exe, 00000006.00000003.2432296124.000001DDC8700000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: firefox.exe, 00000006.00000003.2432296124.000001DDC8700000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: firefox.exe, 00000006.00000003.2661339434.000001DDC6F3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2661249647.000001DDC782A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ciscobinary.openh264.org
Source: firefox.exe, 00000006.00000003.2661339434.000001DDC6F3A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ciscobinary.openh264.org/
Source: firefox.exe, 00000006.00000003.2678404984.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2661110981.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2450682331.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2425569114.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2652456249.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2423290378.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ciscobinary.openh264.org/openh264-android-aarch64-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zi
Source: firefox.exe, 00000006.00000003.2678404984.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2661110981.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2450682331.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2425569114.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2652456249.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2423290378.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ciscobinary.openh264.org/openh264-android-arm-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000006.00000003.2678404984.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2661110981.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2450682331.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2425569114.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2652456249.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2423290378.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000006.00000003.2678404984.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2661110981.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2450682331.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2425569114.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2652456249.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2423290378.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86_64-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000006.00000003.2678404984.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2661110981.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2450682331.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2425569114.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2652456249.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2423290378.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ciscobinary.openh264.org/openh264-linux32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000006.00000003.2678404984.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2661110981.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2450682331.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2425569114.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2652456249.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2423290378.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000006.00000003.2678404984.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2661110981.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2450682331.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2425569114.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2652456249.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2423290378.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2.zip
Source: firefox.exe, 00000006.00000003.2678404984.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2661110981.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2450682331.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2425569114.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2652456249.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2423290378.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2
Source: firefox.exe, 00000006.00000003.2678404984.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2661110981.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2450682331.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2425569114.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2652456249.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2423290378.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ciscobinary.openh264.org/openh264-win32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000006.00000003.2678404984.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2661110981.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2450682331.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2425569114.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2652456249.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2429842282.000001DDC7185000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2423290378.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000006.00000003.2678404984.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2661110981.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2450682331.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2425569114.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2652456249.000001DDC7857000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2423290378.000001DDC7857000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000006.00000003.2423413931.000001DDC782A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.orgP
Source: firefox.exe, 00000006.00000003.2173026609.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2429943756.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2211055970.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2425973084.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
Source: firefox.exe, 00000006.00000003.2432296124.000001DDC8700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2429665641.000001DDC7621000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: firefox.exe, 00000006.00000003.2432296124.000001DDC8700000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: firefox.exe, 00000006.00000003.2432296124.000001DDC8700000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: firefox.exe, 00000006.00000003.2432296124.000001DDC8700000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: firefox.exe, 00000006.00000003.2432296124.000001DDC8700000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: firefox.exe, 00000006.00000003.2678863306.000001DDC58CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 00000006.00000003.2146010052.000001DDCA960000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/
Source: firefox.exe, 00000006.00000003.2678863306.000001DDC58CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 00000006.00000003.2430332027.000001DDC58D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 00000006.00000003.2661339434.000001DDC6F3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2429889162.000001DDC6FDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 00000006.00000003.2166812578.000001DDCAA7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2084598807.000001DDCAAAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2427123203.000001DDCAAAB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
Source: firefox.exe, 00000006.00000003.2166812578.000001DDCAA7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2084598807.000001DDCAAAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2427123203.000001DDCAAAB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
Source: firefox.exe, 00000006.00000003.2214004876.000001DDC3126000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/common
Source: firefox.exe, 00000006.00000003.2213462332.000001DDC3181000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/dates-and-times
Source: firefox.exe, 00000006.00000003.2214004876.000001DDC3126000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/math
Source: firefox.exe, 00000006.00000003.2213462332.000001DDC3181000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/regular-expressions
Source: firefox.exe, 00000006.00000003.2214004876.000001DDC3126000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/sets
Source: firefox.exe, 00000006.00000003.2450885977.000001DDC7049000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2704121280.000001DDC8110000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2170145712.000001DDC978B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2158806110.000001DDC779A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2210023500.000001DDC9823000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2172969364.000001DDC7049000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2105065952.000001DDC98CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2656640759.000001DDC810F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2147737509.000001DDC9892000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2105065952.000001DDC9892000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2423021945.000001DDC9823000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2652686584.000001DDC7049000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2167668213.000001DDCAA3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2811918211.000001DDC4CFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2170145712.000001DDC9724000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2151571705.000001DDC77D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2214481701.000001DDC77A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2158688298.000001DDC77F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2810179473.000001DDC8110000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
00000006.00000003.2818129620.000001DDC77A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2425569114.000001DDC786D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: firefox.exe, 00000006.00000003.2432296124.000001DDC8700000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://ocsp.digicert.com0C
Source: firefox.exe, 00000006.00000003.2432296124.000001DDC8700000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://ocsp.digicert.com0N
Source: firefox.exe, 00000006.00000003.2432296124.000001DDC8700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2429665641.000001DDC7621000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://ocsp.thawte.com0
Source: firefox.exe, 00000006.00000003.2173026609.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2429943756.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2211055970.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2425973084.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
Source: firefox.exe, 00000006.00000003.2432296124.000001DDC8700000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: firefox.exe, 00000006.00000003.2432296124.000001DDC8700000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: firefox.exe, 00000006.00000003.2432296124.000001DDC8700000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: firefox.exe, 00000006.00000003.2173026609.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2429943756.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2211055970.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2425973084.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
Source: firefox.exe, 00000006.00000003.2173026609.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2429943756.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2211055970.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2425973084.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
Source: firefox.exe, 00000006.00000003.2432296124.000001DDC8700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2429665641.000001DDC7621000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://www.mozilla.com0
Source: firefox.exe, 00000006.00000003.2424414373.000001DDC867B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2005/app-updatex
Source: firefox.exe, 00000006.00000003.2423471777.000001DDC7049000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 00000006.00000003.2425569114.000001DDC786D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2661110981.000001DDC786D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2450682331.000001DDC786D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2423290378.000001DDC786D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2678404984.000001DDC786D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2652456249.000001DDC786D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulp
Source: mozilla-temp-41.6.drString found in binary or memory: http://www.videolan.org/x264.html
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: firefox.exe, 00000006.00000003.2058792796.000001DDC736B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2057831137.000001DDC7100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2058278496.000001DDC7336000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2058512857.000001DDC7350000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2058912858.000001DDC7383000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2058098836.000001DDC731C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/
Source: firefox.exe, 00000006.00000003.2146010052.000001DDCA9A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.bellmedia.c
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/settings/clients
Source: firefox.exe, 00000006.00000003.2147737509.000001DDC988D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2105065952.000001DDC988D000.00000004.00000800.00020000.00000000.sdmp, Session_13369987796491313.8.drString found in binary or memory: https://accounts.google.com
Source: MediaDeviceSalts.8.dr, Session_13369987796491313.8.drString found in binary or memory: https://accounts.google.com/
Source: MediaDeviceSalts.8.drString found in binary or memory: https://accounts.google.com//
Source: History.8.drString found in binary or memory: https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/v3/signin/challeng
Source: firefox.exe, 0000000C.00000002.3231487446.000001F7D16BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/Service&
Source: firefox.exe, 0000000F.00000002.3234391103.000001489C690000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.goog
Source: Session_13369987796491313.8.drString found in binary or memory: https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.co
Source: Session_13369987796491313.8.drString found in binary or memory: https://accounts.google.com/_/bscframe
Source: Favicons.8.drString found in binary or memory: https://accounts.google.com/favicon.ico
Source: file.exe, 00000000.00000002.1990016018.0000000001011000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1988047665.0000000001011000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1990016018.000000000102F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1988047665.000000000102F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1991534088.00000178346BD000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000002.00000002.1994359501.00000178346C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
Source: file.exe, 00000000.00000002.1990016018.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwdl
Source: Session_13369987796491313.8.drString found in binary or memory: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2Fv3%2Fs
Source: 000003.log0.8.drString found in binary or memory: https://accounts.youtube.com/
Source: Session_13369987796491313.8.drString found in binary or memory: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1771
Source: firefox.exe, 00000006.00000003.2661541060.000001DDC5892000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 00000006.00000003.2424586574.000001DDC7F9A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2149350584.000001DDC7F61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2424586574.000001DDC7F55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2450530982.000001DDC7F41000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2149629179.000001DDC7F41000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2429221328.000001DDC7F61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 00000006.00000003.2173187517.000001DDC6F7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amazon.com
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://api.accounts.firefox.com/v1
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: firefox.exe, 00000006.00000003.2678863306.000001DDC58CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 00000006.00000003.2425876494.000001DDC6FDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2429889162.000001DDC6FDB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Win
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 00000006.00000003.2429842282.000001DDC7185000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/re
Source: 99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drString found in binary or memory: https://bard.google.com/
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: firefox.exe, 00000006.00000003.2213462332.000001DDC31B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2173300473.000001DDC6F53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2173187517.000001DDC6F7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3232651029.000001F7D1AC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3231834909.000001489C5CF000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.6.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: firefox.exe, 00000006.00000003.2213462332.000001DDC31B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2173300473.000001DDC6F53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2173187517.000001DDC6F7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3232651029.000001F7D1AC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3231834909.000001489C5CF000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.6.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: firefox.exe, 00000006.00000003.2105982740.000001DDC86F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
Source: Reporting and NEL.9.drString found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: Web Data.8.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Web Data.8.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: manifest.json.8.drString found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json.8.drString found in binary or memory: https://chromewebstore.google.com/
Source: 65a3b3e5-f385-420a-9b59-05177f093bac.tmp.9.dr, 3bdb28f7-d3aa-4347-a85d-d35ff2229023.tmp.9.dr, 1881a0fb-b719-4089-82ae-4052a4c5720d.tmp.9.drString found in binary or memory: https://clients2.google.com
Source: manifest.json0.8.drString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 65a3b3e5-f385-420a-9b59-05177f093bac.tmp.9.dr, 3bdb28f7-d3aa-4347-a85d-d35ff2229023.tmp.9.dr, 1881a0fb-b719-4089-82ae-4052a4c5720d.tmp.9.drString found in binary or memory: https://clients2.googleusercontent.com
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 00000006.00000003.2058792796.000001DDC736B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2057831137.000001DDC7100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2058278496.000001DDC7336000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2058512857.000001DDC7350000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2058912858.000001DDC7383000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2058098836.000001DDC731C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
Source: 99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drString found in binary or memory: https://i.y.qq.com/n2/m/index.html
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://ideas.mozilla.org/
Source: prefs-1.js.6.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 00000006.00000003.2173496949.000001DDC58BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 00000006.00000003.2677067966.000001DDCAC7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/3c7034d6-bc52-43bb-9a23-5da34ee205e0/health/
Source: firefox.exe, 00000006.00000003.2677067966.000001DDCAC7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2661249647.000001DDC782A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/a83301c6-790b-49f3-adc7-55a855f7fe79/main/Fi
Source: firefox.exe, 00000006.00000003.2677067966.000001DDCAC7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/be317e0f-7a76-4e32-90c3-3ec18c407563/health/
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://install.mozilla.org
Source: 99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drString found in binary or memory: https://latest.web.skype.com/?browsername=edge_canary_shoreline
Source: firefox.exe, 00000006.00000003.2679369224.000001DDC584A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 00000006.00000003.2661541060.000001DDC5892000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 00000006.00000003.2146010052.000001DDCA9A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: firefox.exe, 00000006.00000003.2146010052.000001DDCA9A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com
Source: 99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drString found in binary or memory: https://m.kugou.com/
Source: 99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drString found in binary or memory: https://m.soundcloud.com/
Source: 99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drString found in binary or memory: https://m.vk.com/
Source: firefox.exe, 00000006.00000003.2159511541.000001DDC4C76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2173026609.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2811918211.000001DDC4C73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2429943756.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2823326315.000001DDC4C73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2425973084.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2210985588.000001DDC6FD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: 99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drString found in binary or memory: https://mail.google.com/mail/mu/mp/266/#tl/Inbox
Source: firefox.exe, 00000006.00000003.2159511541.000001DDC4C76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2173026609.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2811918211.000001DDC4C73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2429943756.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2823326315.000001DDC4C73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2425973084.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2210985588.000001DDC6FD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 00000006.00000003.2173026609.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2429943756.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2211055970.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2425973084.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%sv
Source: firefox.exe, 00000006.00000003.2159511541.000001DDC4C76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2173026609.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2811918211.000001DDC4C73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2429943756.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2823326315.000001DDC4C73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2425973084.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2210985588.000001DDC6FD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 00000006.00000003.2173026609.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2429943756.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2211055970.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2425973084.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
Source: 99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drString found in binary or memory: https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo
Source: firefox.exe, 0000000C.00000002.3232651029.000001F7D1A72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3231834909.000001489C592000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 00000006.00000003.2679369224.000001DDC5868000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2173026609.000001DDC6FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: 99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drString found in binary or memory: https://music.amazon.com
Source: 99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drString found in binary or memory: https://music.apple.com
Source: 99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drString found in binary or memory: https://music.yandex.com
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: 99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drString found in binary or memory: https://open.spotify.com
Source: 99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drString found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: firefox.exe, 00000006.00000003.2159511541.000001DDC4C76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2173026609.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2811918211.000001DDC4C73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2429943756.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2823326315.000001DDC4C73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2425973084.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2210985588.000001DDC6FD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: 99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drString found in binary or memory: https://outlook.live.com/mail/0/
Source: 99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drString found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
Source: 99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drString found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
Source: 99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drString found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: 99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drString found in binary or memory: https://outlook.office.com/mail/0/
Source: 99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drString found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
Source: 99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drString found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 00000006.00000003.2159511541.000001DDC4C76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2173026609.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2811918211.000001DDC4C73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2429943756.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2823326315.000001DDC4C73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2425973084.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2210985588.000001DDC6FD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 00000006.00000003.2173026609.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2429943756.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2211055970.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2425973084.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
Source: 99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drString found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 00000006.00000003.2173187517.000001DDC6F88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com/
Source: firefox.exe, 00000006.00000003.2426302010.000001DDC6F96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2652456249.000001DDC786D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com
Source: firefox.exe, 00000006.00000003.2426302010.000001DDC6F96000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/
Source: firefox.exe, 00000006.00000003.2451108256.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2661541060.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2430356452.000001DDC58B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2652994349.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2430356452.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2678863306.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2661541060.000001DDC58B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2451108256.000001DDC58B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-linux-x64.zip
Source: firefox.exe, 00000006.00000003.2451108256.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2661541060.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2430356452.000001DDC58B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2652994349.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2430356452.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2678863306.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2661541060.000001DDC58B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2451108256.000001DDC58B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-mac-arm64.zip
Source: firefox.exe, 00000006.00000003.2451108256.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2661541060.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2430356452.000001DDC58B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2652994349.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2430356452.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2678863306.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2661541060.000001DDC58B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2451108256.000001DDC58B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-mac-x64.zip
Source: firefox.exe, 00000006.00000003.2451108256.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2661541060.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2430356452.000001DDC58B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2652994349.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2430356452.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2678863306.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2661541060.000001DDC58B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2451108256.000001DDC58B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-arm64.zip
Source: firefox.exe, 00000006.00000003.2451108256.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2661541060.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2430356452.000001DDC58B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2652994349.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2430356452.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2678863306.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2661541060.000001DDC58B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2451108256.000001DDC58B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2450836591.000001DDC7623000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2429665641.000001DDC7621000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x64.zip
Source: firefox.exe, 00000006.00000003.2451108256.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2661541060.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2430356452.000001DDC58B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2652994349.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2430356452.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2678863306.000001DDC58C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2661541060.000001DDC58B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2451108256.000001DDC58B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x86.zip
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 00000006.00000003.2661541060.000001DDC5892000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 00000006.00000003.2058098836.000001DDC731C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 00000006.00000003.2379543906.000001DDC58B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49737 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49742 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49771 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49778 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.222.236.80:443 -> 192.168.2.5:49781 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49779 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.222.236.80:443 -> 192.168.2.5:49782 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49787 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49785 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49786 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49789 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49792 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49793 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49794 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49795 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49796 version: TLS 1.2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AEAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B19576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

System Summary

Source: file.exe String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000000.1983490131.0000000000B42000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_9f16d3aa-c
Source: file.exe String found in binary or memory: This is a third-party compiled AutoIt script. memstr_26b7be34-f
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 15_2_000001489C664EB7 NtQuerySystemInformation
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 15_2_000001489C6864B2 NtQuerySystemInformation
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AED5EB: CreateFileW,DeviceIoControl,CloseHandle
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AEE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00A89CB3 appears 31 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00A9F9F2 appears 40 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00AA0A30 appears 46 times
Source: file.exe, 00000000.00000003.1988047665.0000000001004000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs file.exe
Source: file.exe, 00000000.00000002.1990016018.0000000001004000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs file.exe
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine Classification label: mal64.evad.winEXE@71/281@30/23
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF37B5 GetLastError,FormatMessageW
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE10BF AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AED4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A842A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe File created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\0eb14b1a-107d-49c8-a55c-1ab1bcb5a0de.tmp
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Temp\firefox
Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: file.exe Virustotal: Detection: 29%
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: unknown Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=2116,i,5697632899249799717,866239524462977966,262144 /prefetch:3
Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2788 --field-trial-handle=2180,i,1321310978485618246,11663088203499436801,262144 /prefetch:3
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2272 -parentBuildID 20230927232528 -prefsHandle 2212 -prefMapHandle 2204 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16868626-3d9f-465a-aaa9-6931ccbc0913} 7556 "\\.\pipe\gecko-crash-server-pipe.7556" 1ddb6a71110 socket
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6584 --field-trial-handle=2180,i,1321310978485618246,11663088203499436801,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6676 --field-trial-handle=2180,i,1321310978485618246,11663088203499436801,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4212 -parentBuildID 20230927232528 -prefsHandle 4580 -prefMapHandle 4576 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ad1efa2-3999-46d3-ace3-54c6a65f0c8c} 7556 "\\.\pipe\gecko-crash-server-pipe.7556" 1ddc96ebd10 rdd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7000 --field-trial-handle=2180,i,1321310978485618246,11663088203499436801,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7528 --field-trial-handle=2180,i,1321310978485618246,11663088203499436801,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7336 --field-trial-handle=2180,i,1321310978485618246,11663088203499436801,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5504 --field-trial-handle=2180,i,1321310978485618246,11663088203499436801,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=2116,i,5697632899249799717,866239524462977966,262144 /prefetch:3Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2272 -parentBuildID 20230927232528 -prefsHandle 2212 -prefMapHandle 2204 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16868626-3d9f-465a-aaa9-6931ccbc0913} 7556 "\\.\pipe\gecko-crash-server-pipe.7556" 1ddb6a71110 socketJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4212 -parentBuildID 20230927232528 -prefsHandle 4580 -prefMapHandle 4576 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ad1efa2-3999-46d3-ace3-54c6a65f0c8c} 7556 "\\.\pipe\gecko-crash-server-pipe.7556" 1ddc96ebd10 rddJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2788 --field-trial-handle=2180,i,1321310978485618246,11663088203499436801,262144 /prefetch:3Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6584 --field-trial-handle=2180,i,1321310978485618246,11663088203499436801,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6676 --field-trial-handle=2180,i,1321310978485618246,11663088203499436801,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7000 --field-trial-handle=2180,i,1321310978485618246,11663088203499436801,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7528 --field-trial-handle=2180,i,1321310978485618246,11663088203499436801,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7336 --field-trial-handle=2180,i,1321310978485618246,11663088203499436801,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5504 --field-trial-handle=2180,i,1321310978485618246,11663088203499436801,262144 /prefetch:8Jump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: wsock32.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000006.00000003.2432296124.000001DDC8700000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000006.00000003.2432296124.000001DDC8700000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.dr
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00A842DE
Source: gmpopenh264.dll.tmp.6.drStatic PE information: section name: .rodata
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AA0A76 push ecx; ret 0_2_00AA0A89
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmpJump to dropped file
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)Jump to dropped file
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A9F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_00A9F98E
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B11C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00B11C41
Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep (graph_0-96835)
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 15_2_000001489C664EB7 rdtsc 15_2_000001489C664EB7
Source: C:\Users\user\Desktop\file.exeAPI coverage: 3.2 %
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AEDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00AEDBBE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00ABC2A2 FindFirstFileExW,0_2_00ABC2A2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF68EE FindFirstFileW,FindClose,0_2_00AF68EE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00AF698F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AED076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00AED076
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AED3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00AED3A9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00AF9642
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00AF979D
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00AF9B2B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00AF5C97
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00A842DE
Source: Web Data.8.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: firefox.exe, 0000000F.00000002.3234549591.000001489CB00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW;
Source: firefox.exe, 0000000F.00000002.3234549591.000001489CB00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW|
Source: Web Data.8.drBinary or memory string: discord.comVMware20,11696428655f
Source: Web Data.8.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: Web Data.8.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: firefox.exe, 0000000F.00000002.3231091838.000001489C38A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
Source: Web Data.8.drBinary or memory string: global block list test formVMware20,11696428655
Source: Web Data.8.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: firefox.exe, 0000000C.00000002.3231487446.000001F7D16BA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3235375823.000001F7D1D00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: firefox.exe, 0000000C.00000002.3234698396.000001F7D1C1F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: Web Data.8.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: Web Data.8.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: Web Data.8.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: Web Data.8.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
Source: Web Data.8.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: firefox.exe, 0000000F.00000002.3234549591.000001489CB00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWa
Source: Web Data.8.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: Web Data.8.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: Web Data.8.drBinary or memory string: outlook.office365.comVMware20,11696428655t
Source: firefox.exe, 0000000C.00000002.3235375823.000001F7D1D00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllb
Source: Web Data.8.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: firefox.exe, 00000006.00000003.2038422627.000001DDB8DF5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`1X
Source: firefox.exe, 0000000C.00000002.3235375823.000001F7D1D00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3234549591.000001489CB00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Web Data.8.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: Web Data.8.drBinary or memory string: outlook.office.comVMware20,11696428655s
Source: Web Data.8.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: Web Data.8.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
Source: Web Data.8.drBinary or memory string: AMC password management pageVMware20,11696428655
Source: Web Data.8.drBinary or memory string: tasks.office.comVMware20,11696428655o
Source: Web Data.8.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: Web Data.8.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: Web Data.8.drBinary or memory string: interactivebrokers.comVMware20,11696428655
Source: Web Data.8.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: Web Data.8.drBinary or memory string: dev.azure.comVMware20,11696428655j
Source: Web Data.8.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: Web Data.8.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: firefox.exe, 0000000F.00000002.3234549591.000001489CB00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllI
Source: Web Data.8.drBinary or memory string: bankofamerica.comVMware20,11696428655x
Source: Web Data.8.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: firefox.exe, 0000000F.00000002.3234549591.000001489CB00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWB
Source: Web Data.8.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 15_2_000001489C664EB7 rdtsc 15_2_000001489C664EB7
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AFEAA2 BlockInput,0_2_00AFEAA2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AB2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00AB2622
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00A842DE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AA4CE8 mov eax, dword ptr fs:[00000030h]0_2_00AA4CE8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AE0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00AE0B62
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AB2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00AB2622
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AA083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00AA083F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AA09D5 SetUnhandledExceptionFilter,0_2_00AA09D5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AA0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00AA0C21
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AE1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00AE1201
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AC2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00AC2BA5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AEB226 SendInput,keybd_event,0_2_00AEB226
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B022DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_00B022DA
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AE0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00AE0B62
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AE1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00AE1663
Source: file.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exeBinary or memory string: Shell_TrayWnd
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AA0698 cpuid 0_2_00AA0698
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_00AF8195
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00ADD27A GetUserNameW,0_2_00ADD27A
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00ABB952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_00ABB952
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00A842DE
Source: file.exeBinary or memory string: WIN_81
Source: file.exeBinary or memory string: WIN_XP
Source: file.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exeBinary or memory string: WIN_XPe
Source: file.exeBinary or memory string: WIN_VISTA
Source: file.exeBinary or memory string: WIN_7
Source: file.exeBinary or memory string: WIN_8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B01204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00B01204
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B01806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00B01806
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity InformationAcquire Infrastructure2
Valid Accounts
1
Native API
1
DLL Side-Loading
1
Exploitation for Privilege Escalation
1
Disable or Modify Tools
21
Input Capture
2
System Time Discovery
Remote Services1
Archive Collected Data
2
Ingress Tool Transfer
Exfiltration Over Other Network Medium1
System Shutdown/Reboot
CredentialsDomainsDefault AccountsScheduled Task/Job2
Valid Accounts
1
DLL Side-Loading
1
Deobfuscate/Decode Files or Information
LSASS Memory1
Account Discovery
Remote Desktop Protocol21
Input Capture
11
Encrypted Channel
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
Extra Window Memory Injection
2
Obfuscated Files or Information
Security Account Manager2
File and Directory Discovery
SMB/Windows Admin Shares3
Clipboard Data
3
Non-Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook2
Valid Accounts
1
DLL Side-Loading
NTDS15
System Information Discovery
Distributed Component Object ModelInput Capture4
Application Layer Protocol
Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script21
Access Token Manipulation
1
Extra Window Memory Injection
LSA Secrets131
Security Software Discovery
SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts12
Process Injection
1
Masquerading
Cached Domain Credentials1
Virtualization/Sandbox Evasion
VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items2
Valid Accounts
DCSync3
Process Discovery
Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
Virtualization/Sandbox Evasion
Proc Filesystem1
Application Window Discovery
Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt21
Access Token Manipulation
/etc/passwd and /etc/shadow1
System Owner/User Discovery
Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron12
Process Injection
Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
Behavior Graph (image not preserved): ID: 1504638, Sample: file.exe, Startdate: 05/09/2024, Architecture: WINDOWS, Score: 64

Source | Detection | Scanner | Label | Link
file.exe | 30% | Virustotal | | Browse
file.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
No Antivirus matches
http://exslt.org/dates-and-times0%Avira URL Cloudsafe
https://www.youtube.com/0%Avira URL Cloudsafe
https://www.google.com/favicon.ico0%Avira URL Cloudsafe
http://127.0.0.1:0%Avira URL Cloudsafe
Name, IP, Active, Malicious, Antivirus Detection, Reputation
Name, Malicious, Antivirus Detection, Reputation
Name, Source, Malicious, Antivirus Detection, Reputation
https://duckduckgo.com/chrome_newtabWeb Data.8.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://duckduckgo.com/ac/?q=Web Data.8.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://detectportal.firefox.com/firefox.exe, 00000006.00000003.2146010052.000001DDCA960000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
  • URL Reputation: safe
unknown
https://services.addons.mozilla.orgfirefox.exe, 00000006.00000003.2379543906.000001DDC58B3000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://www.mozilla.com0firefox.exe, 00000006.00000003.2432296124.000001DDC8700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2429665641.000001DDC7621000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drfalse
  • URL Reputation: safe
unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.firefox.exe, 00000006.00000003.2213462332.000001DDC31B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2173300473.000001DDC6F53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2173187517.000001DDC6F7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3232651029.000001F7D1AC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3231834909.000001489C5CF000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.6.drfalse
  • URL Reputation: safe
  • URL Reputation: safe
unknown
https://merino.services.mozilla.com/api/v1/suggestfirefox.exe, 0000000C.00000002.3232651029.000001F7D1A72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3231834909.000001489C592000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://csp.withgoogle.com/csp/report-to/apps-themesReporting and NEL.9.drfalse
  • URL Reputation: safe
unknown
https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protectfirefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://docs.google.com/manifest.json0.8.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://screenshots.firefox.comfirefox.exe, 00000006.00000003.2661541060.000001DDC5892000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://www.youtube.com99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://completion.amazon.com/search/complete?q=firefox.exe, 00000006.00000003.2058792796.000001DDC736B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2057831137.000001DDC7100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2058278496.000001DDC7336000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2058512857.000001DDC7350000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2058912858.000001DDC7383000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2058098836.000001DDC731C000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-reportfirefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://ads.stickyadstv.com/firefox-etpfirefox.exe, 00000006.00000003.2424586574.000001DDC7F9A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2149350584.000001DDC7F61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2424586574.000001DDC7F55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2450530982.000001DDC7F41000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2149629179.000001DDC7F41000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2429221328.000001DDC7F61000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://www.instagram.com99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tabfirefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://monitor.firefox.com/breach-details/firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEMfirefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://xhr.spec.whatwg.org/#sync-warningfirefox.exe, 00000006.00000003.2166812578.000001DDCAA7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2084598807.000001DDCAAAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2427123203.000001DDCAAAB000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://www.amazon.com/exec/obidos/external-search/firefox.exe, 00000006.00000003.2058792796.000001DDC736B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2057831137.000001DDC7100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2149862449.000001DDC7F2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2058278496.000001DDC7336000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2058512857.000001DDC7350000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2058912858.000001DDC7383000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2058098836.000001DDC731C000.00000004.00000800.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://profiler.firefox.com/firefox.exe, 00000006.00000003.2173187517.000001DDC6F88000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://www.msn.comfirefox.exe, 00000006.00000003.2146010052.000001DDCA9A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2172835506.000001DDC7174000.00000004.00000800.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drfalse
  • URL Reputation: safe
unknown
https://outlook.office.com/mail/compose?isExtension=true99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://github.com/mozilla-services/screenshotsfirefox.exe, 00000006.00000003.2058792796.000001DDC736B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2057831137.000001DDC7100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2058278496.000001DDC7336000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2058512857.000001DDC7350000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2058098836.000001DDC731C000.00000004.00000800.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://services.addons.mozilla.org/api/v4/addons/addon/firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://tracking-protection-issues.herokuapp.com/newfirefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://exslt.org/setsfirefox.exe, 00000006.00000003.2214004876.000001DDC3126000.00000004.00000800.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-reportfirefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://i.y.qq.com/n2/m/index.html99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drfalse
  • URL Reputation: safe
unknown
https://www.deezer.com/99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drfalse
  • URL Reputation: safe
unknown
https://web.telegram.org/99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingfirefox.exe, 00000006.00000003.2166812578.000001DDCAA7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2084598807.000001DDCAAAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2427123203.000001DDCAAAB000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://accounts.youtube.com/000003.log0.8.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://api.accounts.firefox.com/v1firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://exslt.org/commonfirefox.exe, 00000006.00000003.2214004876.000001DDC3126000.00000004.00000800.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://drive-daily-2.corp.google.com/manifest.json0.8.drfalse
  • URL Reputation: safe
unknown
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36firefox.exe, 00000006.00000003.2173187517.000001DDC6F7C000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://fpn.firefox.comfirefox.exe, 00000006.00000003.2678863306.000001DDC58A5000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=Web Data.8.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://exslt.org/dates-and-timesfirefox.exe, 00000006.00000003.2213462332.000001DDC3181000.00000004.00000800.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://drive-daily-1.corp.google.com/manifest.json0.8.drfalse
  • URL Reputation: safe
unknown
https://excel.new?from=EdgeM365Shoreline99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drfalse
  • URL Reputation: safe
unknown
https://www.youtube.com/firefox.exe, 00000006.00000003.2211535632.000001DDC58D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2661453805.000001DDC58D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2430308820.000001DDC58D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2379320923.000001DDC58D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2661310999.000001DDC6F53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2678753730.000001DDC58D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2423626454.000001DDC6F53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2173300473.000001DDC6F53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2173496949.000001DDC58BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2426558860.000001DDC58D1000.00000004.00000800.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://drive-daily-5.corp.google.com/manifest.json0.8.drfalse
  • URL Reputation: safe
unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://bzib.nelreports.net/api/report?cat=bingbusinessReporting and NEL.9.drfalse
  • URL Reputation: safe
unknown
http://127.0.0.1:firefox.exe, 00000006.00000003.2378832344.000001DDC718C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2172399627.000001DDC718C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2429772270.000001DDC718C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://bugzilla.mofirefox.exe, 00000006.00000003.2105982740.000001DDC86F1000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://mitmdetection.services.mozilla.com/firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://amazon.comfirefox.exe, 00000006.00000003.2173187517.000001DDC6F7C000.00000004.00000800.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 00000006.00000003.2149350584.000001DDC7F61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2424586574.000001DDC7F55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2429221328.000001DDC7F61000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&reffirefox.exe, 00000006.00000003.2213462332.000001DDC31B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2173300473.000001DDC6F53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2173187517.000001DDC6F7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3232651029.000001F7D1AC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3231834909.000001489C5CF000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.6.drfalse
  • URL Reputation: safe
unknown
https://chromewebstore.google.com/manifest.json.8.drfalse
  • 1%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://drive-preprod.corp.google.com/manifest.json0.8.drfalse
  • URL Reputation: safe
unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477firefox.exe, 00000006.00000003.2213462332.000001DDC31B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2173300473.000001DDC6F53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2173187517.000001DDC6F7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3232651029.000001F7D1AC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3231834909.000001489C5CF000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.6.drfalse
  • Avira URL Cloud: safe
unknown
https://chrome.google.com/webstore/manifest.json.8.drfalse
  • Avira URL Cloud: safe
unknown
https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapturefirefox.exe, 00000006.00000003.2427123203.000001DDCAAAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2084598807.000001DDCAAD4000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://bard.google.com/99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drfalse
  • Avira URL Cloud: safe
unknown
https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://www.office.com99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drfalse
  • Avira URL Cloud: safe
unknown
https://outlook.live.com/mail/0/99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drfalse
  • URL Reputation: safe
unknown
https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-firefox.exe, 00000006.00000003.2653616106.000001DDC3CB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2451437848.000001DDC3CB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2662313485.000001DDC3CB8000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYiprefs-1.js.6.drfalse
  • Avira URL Cloud: safe
unknown
https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://www.inbox.lv/rfc2368/?value=%sufirefox.exe, 00000006.00000003.2173026609.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2429943756.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2211055970.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2425973084.000001DDC6FC2000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://monitor.firefox.com/user/dashboardfirefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://tidal.com/99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drfalse
  • URL Reputation: safe
unknown
https://monitor.firefox.com/aboutfirefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://mozilla.org/MPL/2.0/.firefox.exe, 00000006.00000003.2450885977.000001DDC7049000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2704121280.000001DDC8110000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2170145712.000001DDC978B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2158806110.000001DDC779A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2210023500.000001DDC9823000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2172969364.000001DDC7049000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2105065952.000001DDC98CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2656640759.000001DDC810F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2147737509.000001DDC9892000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2105065952.000001DDC9892000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2423021945.000001DDC9823000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2652686584.000001DDC7049000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2167668213.000001DDCAA3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2811918211.000001DDC4CFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2170145712.000001DDC9724000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2151571705.000001DDC77D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2214481701.000001DDC77A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2158688298.000001DDC77F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2810179473.000001DDC8110000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
00000006.00000003.2818129620.000001DDC77A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2425569114.000001DDC786D000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://account.bellmedia.cfirefox.exe, 00000006.00000003.2146010052.000001DDCA9A7000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://gaana.com/99a1a681-5fd7-44da-9e31-f58d3a2bca8e.tmp.8.drfalse
  • URL Reputation: safe
unknown
https://login.microsoftonline.comfirefox.exe, 00000006.00000003.2146010052.000001DDCA9A7000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://coverage.mozilla.orgfirefox.exe, 0000000C.00000002.3232342118.000001F7D1890000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3233685605.000001489C600000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0firefox.exe, 00000006.00000003.2432296124.000001DDC8700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2429665641.000001DDC7621000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drfalse
  • Avira URL Cloud: safe
unknown
https://csp.withgoogle.com/csp/report-to/AccountsSignInUiReporting and NEL.9.drfalse
  • URL Reputation: safe
unknown
IP
192.168.2.5
127.0.0.1
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1504638
Start date and time: 2024-09-05 07:29:07 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 33s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 22
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal64.evad.winEXE@71/281@30/23
EGA Information:
  • Successful, ratio: 66.7%
HCA Information:
  • Successful, ratio: 96%
  • Number of executed functions: 36
  • Number of non-executed functions: 314
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 74.125.206.84, 13.107.42.16, 204.79.197.239, 13.107.21.239, 142.250.186.78, 13.107.6.158, 2.19.126.145, 2.19.126.152, 216.58.206.67, 216.58.206.35, 2.23.209.177, 2.23.209.161, 2.23.209.175, 2.23.209.182, 2.23.209.183, 2.23.209.158, 2.23.209.176, 2.23.209.160, 2.23.209.185, 20.199.58.43, 199.232.210.172, 192.229.221.95, 2.18.121.73, 2.18.121.79, 2.22.61.57, 2.22.61.59, 142.250.184.238, 142.250.185.142, 142.251.40.99, 142.251.32.99
  • Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, edgeassetservice.afd.azureedge.net, aus5.mozilla.org, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, a19.dscg10.akamai.net, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, config-edge-skype.l-0007.l-msedge.net, www.gstatic.com, l-0007.l-msedge.net, www.bing.com, fs.microsoft.com, bingadsedgeextension-prod.trafficmanager.net, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, wildcardtlu-ssl.azureedge.net, edgeassetservice.azureedge.net, clients.l.google.com, location.services.mozilla.com, ciscobinary.openh264.org, config.edge.skype.com.trafficmanager.net, incoming.telemetry.mozilla.org, a17.rackcdn.com.mdc.edgesuite.net, iris-de-prod-azsc-v2-frc.francecentral.cloudapp.azure.com, arc.msn.com, www.bing.com.edgekey.net, redirector.gvt1.com, msedge.b.tlu.dl.delivery.mp.microsoft.com, arc.trafficmanager.net, config.edge.
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
  • Report size getting too big, too many NtOpenFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtWriteVirtualMemory calls found.
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
No simulations
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 6439
Entropy (8bit): 5.144839921487366
Encrypted: false
SSDEEP: 192:1KMXIKFcbhbVbTbfbRbObtbyEznpnSrDtTZdB:1PNcNhnzFSJ7nSrDhZdB
MD5: 8CEF346C0D0122BAAB9DF5A291383C0A
SHA1: 5B25BE28732C28B9BF5D614919A1C577891D2FE3
SHA-256: CB87B991500BAE8F7ACE4C13E5EBC80359BB0621A6F005A9BABE9D21C0919409
SHA-512: A81C41CE2432B2B1BC8734319608F33E9FBA294F9CD81D4C7F217B0450FCF5AC707AD850EB3DEB808148535883B9548A9AE3203CBA573A0A2CCC800E23C4D9BE
Malicious: false
Preview: {"type":"uninstall","id":"85789a98-03a8-43ca-98a6-31b995562b55","creationDate":"2024-09-05T07:12:26.105Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):44137
                                                                                  Entropy (8bit):6.090747766165329
                                                                                  Encrypted:false
                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMawuF9hDO6vP6O+itbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE06ftbz8hu3VlXr4CRo1
                                                                                  MD5:FB8843F9AAD9E61E5389B18FA5AB4964
                                                                                  SHA1:1CD23EB24DC9D0AD5230AA1845F0C28D682669FB
                                                                                  SHA-256:D1E6D8B2BBFC7E85797D76A3D428A9E7D0BBD9DCFFD0000080222F9AC93EF94F
                                                                                  SHA-512:92D8B9668658B0D5C03D2B8F8B33F268C5705084663328C1DE9E748C8FE33951B485073E1672EC817220A10B5CF971CAC7D541EDC51FD0B249D8140316C3A990
                                                                                  Malicious:false
                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:modified
                                                                                  Size (bytes):44600
                                                                                  Entropy (8bit):6.096789999249406
                                                                                  Encrypted:false
                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBZwuZhDO6vP6Ox2ip4uU+CSDRRTycGoup1Xl3jVz6:z/Ps+wsI7ynE+64zuUJchu3VlXr4CRo1
                                                                                  MD5:010B2F54EBAC4F7AAB78126F170079B7
                                                                                  SHA1:EA6949D0EF698DBD6820D3699A43EA29A021CD96
                                                                                  SHA-256:5965C0A6864A1AE7F4115F206A937F902E6546098BCB3C0BE80DBAD4698463C7
                                                                                  SHA-512:6EEC120DD2A0B2CF325E95F1EAF1BB77EFF03A9997E9D5BF1B9247C4F1D187EF39130F6293316836700E5C84AF1C022E5B3D835900F4BC20733ED621D54D6CE5
                                                                                  Malicious:false
                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):44600
                                                                                  Entropy (8bit):6.096789999249406
                                                                                  Encrypted:false
                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBZwuZhDO6vP6Ox2ip4uU+CSDRRTycGoup1Xl3jVz6:z/Ps+wsI7ynE+64zuUJchu3VlXr4CRo1
                                                                                  MD5:010B2F54EBAC4F7AAB78126F170079B7
                                                                                  SHA1:EA6949D0EF698DBD6820D3699A43EA29A021CD96
                                                                                  SHA-256:5965C0A6864A1AE7F4115F206A937F902E6546098BCB3C0BE80DBAD4698463C7
                                                                                  SHA-512:6EEC120DD2A0B2CF325E95F1EAF1BB77EFF03A9997E9D5BF1B9247C4F1D187EF39130F6293316836700E5C84AF1C022E5B3D835900F4BC20733ED621D54D6CE5
                                                                                  Malicious:false
                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):42978
                                                                                  Entropy (8bit):6.081536842554794
                                                                                  Encrypted:false
                                                                                  SSDEEP:768:mMGQ7FCYXGIgtDAWtJ4n9gbEIhDO6vP6OBpSODFDTUCQavCAoQGoup1Xl3jVzXrv:mMGQ5XMBG9go6mavRoQhu3VlXr4s
                                                                                  MD5:B49DD2A2C9348F6ED4252BE5B6EECE60
                                                                                  SHA1:F51C221D66BBE06CD66B592861D8A701AF0BF1B1
                                                                                  SHA-256:CDD836F4E4AD3027C524AD222688CA0D7039D02653F0106F22506F2810317D29
                                                                                  SHA-512:47CC8A430415571AABE499C74CE7B307A4F6014A1DA5F7775B296F8AB0BA1986C09446E0B01C8DB467B4AC06F752CF1BA5A6E3CB03EE785D522D1EF2E4500DED
                                                                                  Malicious:false
                                                                                  Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):41733
                                                                                  Entropy (8bit):6.091888136534333
                                                                                  Encrypted:false
                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4xkB0wurhDO6vP6OBpSODFDTUhGoup1Xl3jVzXr4CCAg:z/Ps+wsI7yOEL64hu3VlXr4CRo1
                                                                                  MD5:76B5ADE0302A8982FBDE010C9608E988
                                                                                  SHA1:FFD997BC24A7D06995D17E8537248A5E669C4108
                                                                                  SHA-256:99AFD70E0BEC569BBE9A775E59DEBECB3ACFF23EBFD330EEE0159F461D804AEE
                                                                                  SHA-512:73CCC3B378C65CEB7C7D5691DF045CEAD8B06CB3B06F710AFA0DB014C260BBB7921AE742B04B1247C72F31DDE6DAD7C7E75C80C009F1A3F72AED30A8E2125A09
                                                                                  Malicious:false
                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):107893
                                                                                  Entropy (8bit):4.640145133154881
                                                                                  Encrypted:false
                                                                                  SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7Y:fwUQC5VwBIiElEd2K57P7Y
                                                                                  MD5:46BC3CA050C9032312C051408F8C6227
                                                                                  SHA1:4EC92F610AC217A2AB2927A8B71AD8BF5157D72D
                                                                                  SHA-256:CB9C9EED0F363C3193E8676B326299AED296899E17323BA2D48619BAF5249FC6
                                                                                  SHA-512:BB3126EBAD87C08B80CF3125BCDF838CEB7012F72B142B6CE67C8DAB7E57C52478876CAF19ECAC5670D5A0C2C3505F92DFB2E3013791359BFDD7094B29FC157F
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):4194304
                                                                                  Entropy (8bit):0.0
                                                                                  Encrypted:false
                                                                                  SSDEEP:3::
                                                                                  MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                  SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                  SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                  SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):4194304
                                                                                  Entropy (8bit):0.48849867647634854
                                                                                  Encrypted:false
                                                                                  SSDEEP:6144:jNVzTPLbtFnyaH/pIbYaZqjBYA3BOaHD1s:pFnxCbqF
                                                                                  MD5:6703E06F7995B0F2FCBA2A0EFA4F913C
                                                                                  SHA1:6137FE4DB458A77729524DF67C13530557D0DE8D
                                                                                  SHA-256:1B88AA6DCF80676676C33C41CCE36546EAF7CA3ADA30D26EEB67ECD7F307FE0C
                                                                                  SHA-512:9A9DCC64D786C80E550C1AD3E84343AD478E513E02A6D4D2ECCDFD43EDC535534281E8425C1DDD4BC57E31684C474855F8D2E3AD946D77DFBB725000A3A3380A
                                                                                  Malicious:false
                                                                                  Preview:...@..@...@.....C.].....@...................@...............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".rkkusf20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............(......................w..U?:K..>.........."....."...24.."."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="*.:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...u...V.S@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2................ .2........6.....
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):280
                                                                                  Entropy (8bit):4.132041621771752
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD54llt:o1ApdeaEqYsMazlYBVsJDu2ziy54/
                                                                                  MD5:BD72B24D3506282E86F2DE573239D060
                                                                                  SHA1:6E1A396615B8BCE53E24C9C64BA63C194325EB59
                                                                                  SHA-256:1018F6A3BA584F39BACB39A5F83372F0D50274DAE10B189C03F16E23EF02EF72
                                                                                  SHA-512:1AD4F2DC7ABA21C13202B5E2CFCDF88D6AE5AB139CD1A8956370E9D61D2129F49CD6C905CDBA82AC8075815B1656487BC4F41A3985BB0053FD85302B16826F0E
                                                                                  Malicious:false
                                                                                  Preview:sdPC......................X..<EE..r/y..."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................fdb35e9f-12f5-40d5-8d50-87a9333d43a4............
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):40504
                                                                                  Entropy (8bit):5.56140339004732
                                                                                  Encrypted:false
                                                                                  SSDEEP:768:I41//t7pLGLv4WWPaUftv8F1+UoAYDCx9Tuqh0VfUC9xbog/OVKXPw3k3Zrw/lz1:I41//bcv4WWPaUftvu1ja3XPwU3q/lz1
                                                                                  MD5:D0907C7BB7CCABD6B0E6573C3B173FD6
                                                                                  SHA1:C23346B34133F7ABAB9297969FD90EC048163308
                                                                                  SHA-256:E63241908CF494FB164481A7135334F75FE3670E4E8C423B0B7B7A93F1572837
                                                                                  SHA-512:D43ABA31169DFD97EB6FCCF0D3DEFDE81AE8BB89F1D840DB2CE9031CA5CC90A12CFD8CBC45CB5F9A0B8CF2F9B00A2D87A8A60A94B8AEE503383E91F026EE3CDF
                                                                                  Malicious:false
                                                                                  Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369987793921790","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369987793921790","location":5,"ma
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):25012
                                                                                  Entropy (8bit):5.567716975498562
                                                                                  Encrypted:false
                                                                                  SSDEEP:768:Idn/EWWPaUfsv8F1+UoAYDCx9Tuqh0VfUC9xbog/OVe3ksZrwypStu+:Idn/EWWPaUfsvu1javUsq3tp
                                                                                  MD5:78A0B594C170401E4D3B1767A7BF7B54
                                                                                  SHA1:BC5AF0F2D581FE4B118619E6D118DA19645288E0
                                                                                  SHA-256:11C5532DF845F0E14B0F9CD5E1F354C301CB95168E667868191E0B23F0482851
                                                                                  SHA-512:C8B14703A15963F00BFA9C5937A77BBBCB1A1644627CE211F967FA5F802C52C6B3CC9A22AD4685D1B7A44E021CD5B9F89A94C73552B3156A8D7072271FB3C85A
                                                                                  Malicious:false
                                                                                  Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369987793921790","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369987793921790","location":5,"ma
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):13304
                                                                                  Entropy (8bit):5.284238759611486
                                                                                  Encrypted:false
                                                                                  SSDEEP:384:stPmPGQSuxWQsSdfha7ytqepbGbfdQx6WxAWUDlaTYov:sEOXuLdf/hbGaxWaTYk
                                                                                  MD5:B662F71726FE94521A819C1463648B07
                                                                                  SHA1:6B6131D7CE701D0C5604DA8735ABE1596E8DDE83
                                                                                  SHA-256:A4517E71A61FDC6B5902F99076965451EBD17246A4983C4930D7D4670187A2D7
                                                                                  SHA-512:A20508FEC3DB89E545BAA97DF6A00DE0852E5DB9A548758368B0B3963ECBB657F655DE90D53166F3F5233739A5CC8C6BDE911F38F3A8582CB117F6E1AD62983A
                                                                                  Malicious:false
                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369987794465130","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:very short file (no magic)
                                                                                  Category:dropped
                                                                                  Size (bytes):1
                                                                                  Entropy (8bit):0.0
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:L:L
                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                  Malicious:false
                                                                                  Preview:.
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):115717
                                                                                  Entropy (8bit):5.183660917461099
                                                                                  Encrypted:false
                                                                                  SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                  MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                  SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                  SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                  SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                  Malicious:false
                                                                                  Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):9747
                                                                                  Entropy (8bit):5.122277064377222
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:stPmkd+WQsSdsZihUkWi3PU8QpbV+FbjLdQA66Wx3WUkaFIMYopP4YJ:stPmZWQsSdfheqepbGbfdQx6Wx3WUka7
                                                                                  MD5:E73186AC24303CCC592082241332D12B
                                                                                  SHA1:875997414221C66B62CD424D2F7B9647BE479DC2
                                                                                  SHA-256:4B590E0EA1F7EB664899ECC5329A5F378BC74D4D2C9CC5F15C4526F9E1FBFB38
                                                                                  SHA-512:BBCAF0E2DB64334669C7CA5BEF9BC42A1D72DCCD36C28B794BBB9B02BF8CD7D5E2DF69004D5C56E35566B216EE6A1E433C730341096F15315A6C085606779C8B
                                                                                  Malicious:false
                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369987794465130","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):16
                                                                                  Entropy (8bit):3.2743974703476995
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                  Malicious:false
                                                                                  Preview:MANIFEST-000001.
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):33
                                                                                  Entropy (8bit):3.5394429593752084
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                  MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                  SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                  SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                  SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                  Malicious:false
                                                                                  Preview:...m.................DB_VERSION.1
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):309
                                                                                  Entropy (8bit):5.2319750796643785
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:Puq1923oH+Tcwtp3hBtB2KLll1SQ+q2P923oH+Tcwtp3hBWsIFUv:PyYebp3dFLn13+v4Yebp3eFUv
                                                                                  MD5:60093C264C067E3608A9733CCEF3828C
                                                                                  SHA1:F6C7854BA36ABA95BE8FC2ACFDC9FA6E2145787E
                                                                                  SHA-256:90008B753B0C212B6F863789762E97CDA7D3C5EC38B0315C38289FD23BF65423
                                                                                  SHA-512:59BFDF51B1BCF32E28ECDD72A9CBB7EADD59B9CF5AAEA7D96471487FD609D02BC1129CEFF32D0917183F3C9D78734C16A601AEADF1B5CCEA4057E1E6727FD395
                                                                                  Malicious:false
                                                                                  Preview:2024/09/05-01:29:59.279 215c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/09/05-01:29:59.327 215c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:OpenPGP Secret Key
                                                                                  Category:dropped
                                                                                  Size (bytes):41
                                                                                  Entropy (8bit):4.704993772857998
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                  Malicious:false
                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:data
                                                                                  Category:modified
                                                                                  Size (bytes):2163821
                                                                                  Entropy (8bit):5.222885088602767
                                                                                  Encrypted:false
                                                                                  SSDEEP:24576:v+/PN8FJfI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:v+/PN8Tfx2mjF
                                                                                  MD5:74F2EB72C56E2973B8618192133E3875
                                                                                  SHA1:19771BF358474C785993C66E9962C972B4A4E298
                                                                                  SHA-256:4FFD6503366CF5EDFBE21A9FF471AE73836FBF1E97D332EC35E48CE6EF652E88
                                                                                  SHA-512:BD873A7CC1E76B26FE60A33572E610A8D67179ADEB23CE235AF6D4CC23AA29531C4334EE14A3DF3FA52EE115014D0A2D73141E0A34742C09AD6B0F1552AC6251
                                                                                  Malicious:false
                                                                                  Preview:...m.................DB_VERSION.1.l.i.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340900604462938.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):336
                                                                                  Entropy (8bit):5.074311431989837
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:PrXNOq2P923oH+Tcwt9Eh1tIFUt82dGE9Zmw+2L5kwO923oH+Tcwt9Eh15LJ:PDNOv4Yeb9Eh16FUt82d5/+215LYeb9O
                                                                                  MD5:BD803E7795AC013715762175F527A666
                                                                                  SHA1:8284373757404E6DDA039003886958F67DBAD46D
                                                                                  SHA-256:F038AA6C8B0830534764CE3A13456EFA96516B8F2D9728BA2816EF2EB5CDFCAD
                                                                                  SHA-512:CE95545814199BBC844AB23E16E30DD3414A60F89EA58E964FFA007DE78F869AC0944CC73E65F81FF416A08B8F7F25CF25F1A1EDB37ECBAAFF1509A8E3395DFC
                                                                                  Malicious:false
                                                                                  Preview:2024/09/05-01:29:59.092 23a4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/09/05-01:29:59.094 23a4 Recovering log #3.2024/09/05-01:29:59.102 23a4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                  Category:dropped
                                                                                  Size (bytes):28672
                                                                                  Entropy (8bit):0.46402873285250645
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBNje:TouQq3qh7z3bY2LNW9WMcUvBk
                                                                                  MD5:009BBEF00BC56855C55C3E799625E053
                                                                                  SHA1:A7ECDE10394EBFABB5F14FC13AAAF848AF774D5C
                                                                                  SHA-256:222B826587F18300E5EB5E4DE64F402C1703D72118ACD8599615F1252DF0CF71
                                                                                  SHA-512:5C5AA0F725C94F753DF1D2CCBC6DA0C752DA8617526AAF19C3DC35EEFA4C480C7E0B358BC4B7E6D5FF25CB8DDD111C7045A596E193CA05F0C20B1587D5B43CA5
                                                                                  Malicious:false
                                                                                  Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                  Category:dropped
                                                                                  Size (bytes):10240
                                                                                  Entropy (8bit):0.8708334089814068
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                                                  MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                                                  SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                                                  SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                                                  SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                                                  Malicious:false
                                                                                  Preview:SQLite format 3......@ ..........................................................................j...v... .. .....M
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):636554
                                                                                  Entropy (8bit):6.0127694795093625
                                                                                  Encrypted:false
                                                                                  SSDEEP:12288:BhjHVMIvgjD8xIXualvzHR7iaQKR+8JbtlmkdBC1esJxrVcQNaiBa:Bhq+kaIXnQs+Qb3mkGbJo5
                                                                                  MD5:CDE9ABB05D9CF09C0DA933480FEC3B64
                                                                                  SHA1:D28F62243CA290594B0EB556FE0831AA6FCC6C8A
                                                                                  SHA-256:036961C14225D6DD3397D4EA5B38D010A7F0EE778CFDBEFE9437F37DDE78E39F
                                                                                  SHA-512:FFD65D76C5DF99F63EDE9695B15CE7D3AD175FB87AD8C708DDBBF5E3747379CBCA0F30C5146E7EE1A86037DB96A63F36AAAD5606D6D95BF45022E3024BF2F018
                                                                                  Malicious:false
                                                                                  Preview:...m.................DB_VERSION.1.!Z2.................BLOOM_FILTER:..&{"numberOfHashFunctions":8,"shiftBase":8,"bloomFilterArraySize":3767945,"primeBases":[5381,5381,5381,5381],"supportedDomains":"
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):142
                                                                                  Entropy (8bit):5.006960204034355
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:MA9f38E28xp4m3rscUSXQTHOCfgKlotlf+nETPxpK2x7L8KFunLv0QYs:MA9f38D8xSEsIXGb4+n0PxEWHFebL
                                                                                  MD5:746FFF5883D7812C749D57AF719A98C6
                                                                                  SHA1:C75E807EEDAEE41911C93AEDF5AA6401D0BC8BC3
                                                                                  SHA-256:97734A3091707C172DF77555FDB0898584221AA889844F6A048D808FA34E5F10
                                                                                  SHA-512:F53B73BEDD7F637B7864B375BFFC2AC2036578F94B09D2022AA4124B2DF8CE298EF3605860A90C6BFE1E527D03AB6F59B74EC2167A52D973FE40DDF85ECF30A1
                                                                                  Malicious:false
                                                                                  Preview:...79................BLOOM_FILTER_EXPIRY_TIME:.1725600600.537278.EzG................BLOOM_FILTER_LAST_MODIFIED:.Thu, 05 Sep 2024 03:24:32 GMT
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):636529
                                                                                  Entropy (8bit):6.012178686683981
                                                                                  Encrypted:false
                                                                                  SSDEEP:12288:vhEHVMavgBg8bIXuHlvzHM7iawKRt8AbtA0kdBO1esJxLVcWGaiQX:vh7cNaIXxwstXb+0kKbJ1l
                                                                                  MD5:D06FF4898FA4B70F70844C78C74E85F1
                                                                                  SHA1:343AACAE98E528494912A7795CFDA3320598B8B9
                                                                                  SHA-256:7075C56053C9821ACF183DBB7CF38F0EB58DED5773450E7FC5D015DAF9885A11
                                                                                  SHA-512:ADD667D77284908B8DE405827BA3BFA0D56A8E19DEC93D4E3B5CB6731001D86AA65899CEC389DDC0D50D40A95DFBFEF10838C3BB3E565330EE72F7E5C43A1AC1
                                                                                  Malicious:false
                                                                                  Preview:....&BLOOM_FILTER:........{"numberOfHashFunctions":8,"shiftBase":8,"bloomFilterArraySize":3767945,"primeBases":[5381,5381,5381,5381],"supportedDomains":"
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):512
                                                                                  Entropy (8bit):5.193020880490893
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:PbVv4Yebn9GFUt82Cg/+2CI5LYebn95Z9l4Nf0n4iIfr1K2441h:N4Yeb9ig8kLYeb9zwa4iySUh
                                                                                  MD5:F45AA6C068FFE7FEF6A4C161A93ECF74
                                                                                  SHA1:C8845B81E2E919921963B365556D118A2B0F415A
                                                                                  SHA-256:7035006161EACD751E9A572EC558955A06E486E782D7DCCF2F09A0AFBC2D1E14
                                                                                  SHA-512:3B2F9997E21F1069EC5DD56FCDCE10E438C2FD2C973CCB089E3E7B72059EE3A1DAA2BEC598303F67BF1DDFE33D4AD545A4D2F46F4E393AB9C85F8A1BD39619BB
                                                                                  Malicious:false
                                                                                  Preview:2024/09/05-01:29:54.000 1f64 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/09/05-01:29:54.001 1f64 Recovering log #3.2024/09/05-01:29:54.001 1f64 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/09/05-01:30:00.616 1f6c Level-0 table #5: started.2024/09/05-01:30:00.762 1f6c Level-0 table #5: 636529 bytes OK.2024/09/05-01:30:00.764 1f6c Delete type=0 #3.
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):512
                                                                                  Entropy (8bit):5.193020880490893
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:PbVv4Yebn9GFUt82Cg/+2CI5LYebn95Z9l4Nf0n4iIfr1K2441h:N4Yeb9ig8kLYeb9zwa4iySUh
                                                                                  MD5:F45AA6C068FFE7FEF6A4C161A93ECF74
                                                                                  SHA1:C8845B81E2E919921963B365556D118A2B0F415A
                                                                                  SHA-256:7035006161EACD751E9A572EC558955A06E486E782D7DCCF2F09A0AFBC2D1E14
                                                                                  SHA-512:3B2F9997E21F1069EC5DD56FCDCE10E438C2FD2C973CCB089E3E7B72059EE3A1DAA2BEC598303F67BF1DDFE33D4AD545A4D2F46F4E393AB9C85F8A1BD39619BB
                                                                                  Malicious:false
                                                                                  Preview:2024/09/05-01:29:54.000 1f64 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/09/05-01:29:54.001 1f64 Recovering log #3.2024/09/05-01:29:54.001 1f64 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/09/05-01:30:00.616 1f6c Level-0 table #5: started.2024/09/05-01:30:00.762 1f6c Level-0 table #5: 636529 bytes OK.2024/09/05-01:30:00.764 1f6c Delete type=0 #3.
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:OpenPGP Secret Key
                                                                                  Category:dropped
                                                                                  Size (bytes):103
                                                                                  Entropy (8bit):5.287315490441997
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:scoBAIxQRDKIVjGtCSluhFhinvsD8xFxN3erkEtl:scoBY7j6CSluGvlxFDkHl
                                                                                  MD5:BBF990808A624C34FC58008F69BE5414
                                                                                  SHA1:8E91249954C47ED58AFAA34373006A9A907A8B87
                                                                                  SHA-256:2E9DF06E07493794BAE755C1954FDC37401D757916EBFBAA7F0EE64A8FD16E9E
                                                                                  SHA-512:9F6863BCEE0782B211E95986AEDB74E0563A24D7FE448A7CA56EC94CD489A5BE0999757C25CB75DB6789759DCB81C20236EFB96945165E15E3D139CA4836B844
                                                                                  Malicious:false
                                                                                  Preview:.|.."....leveldb.BytewiseComparator..........7...............&.BLOOM_FILTER:.........DB_VERSION........
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                                                  Category:dropped
                                                                                  Size (bytes):20480
                                                                                  Entropy (8bit):0.6133581047526687
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:TLapR+DDNzWjJ0npnyXKUO8+jLrp5w4mL:TO8D4jJ/6Up+6
                                                                                  MD5:C7B822AF30B81FAA4FEAE263823AB433
                                                                                  SHA1:AF07E4053283455FB431D71018E9E84796D9E38C
                                                                                  SHA-256:D1776DB8D94A9B4990EDA30BAA02A3CC18480F41C6566E9A44BB74FD5937B6FF
                                                                                  SHA-512:B048361B9B2B3EFCD9E08AD32520972FC3BBB0C22EC74445FAD7E573AD560C60CA0EB03CF2582C64D31AE1AE846315A36664F181EBFC742ED86F4F257785ECD8
                                                                                  Malicious:false
                                                                                  Preview:SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):16
                                                                                  Entropy (8bit):3.2743974703476995
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                  Malicious:false
                                                                                  Preview:MANIFEST-000001.
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):375520
                                                                                  Entropy (8bit):5.354049506856189
                                                                                  Encrypted:false
                                                                                  SSDEEP:6144:oA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:oFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                  MD5:6D0B185825DD9E54CF003E9E933D7276
                                                                                  SHA1:FB9D772041420AF194624C7E4D0921C535FD737E
                                                                                  SHA-256:2E8E18FB57F3651AFE9AF52F326A12AFBA818B7B61A36976826A3008CB7E6057
                                                                                  SHA-512:2B7949594B966300236427425F3CD4416BF75C19FAD199583B3FC83484FC86231E2427A5D16CEC1003B0B03A6A407EF669D4531EA60A42C98474F417F3E594BB
                                                                                  Malicious:false
                                                                                  Preview:...m.................DB_VERSION.1("x.q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13369987800461273..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):16
                                                                                  Entropy (8bit):3.2743974703476995
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                  Malicious:false
                                                                                  Preview:MANIFEST-000001.
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):311
                                                                                  Entropy (8bit):5.192713443137169
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:PkmRRM1923oH+Tcwtk2WwnvB2KLllnOq2P923oH+Tcwtk2WwnvIFUv:PkmRRhYebkxwnvFLnnOv4YebkxwnQFUv
                                                                                  MD5:062DF32B342C1C10F25DB0320C6E44F6
                                                                                  SHA1:1040A9630750C786D4693340CDD573C3115E02E7
                                                                                  SHA-256:1830DCB74BA64F192F146AA92BA4AEFD1187C05912DAA4BC9FA3C34B934D4263
                                                                                  SHA-512:911D4167297E242F5C9A6A8A40FBC03B7688CCC5580553AACC9E302965936E07D5CF4675D69C57795B34255D58270926867F54CF14702ADB0CF8327EC0020484
                                                                                  Malicious:false
                                                                                  Preview:2024/09/05-01:29:59.298 23b4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/09/05-01:29:59.387 23b4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:OpenPGP Secret Key
                                                                                  Category:dropped
                                                                                  Size (bytes):41
                                                                                  Entropy (8bit):4.704993772857998
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                  Malicious:false
                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:modified
                                                                                  Size (bytes):358860
                                                                                  Entropy (8bit):5.324612352545692
                                                                                  Encrypted:false
                                                                                  SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6Ro:C1gAg1zfvA
                                                                                  MD5:BAD84A5EC2BF43507ADA10F1F75FF05D
                                                                                  SHA1:662755FCA86A335B96128087D860A09D1A7EC0A5
                                                                                  SHA-256:771EB7F67F399E2E10A4331E91E80C06495F71596BC2268FFC8F7D1049E1DA6C
                                                                                  SHA-512:5EFD9567120A5D1161CE732C4CCB7F3E0D75D49392644FC412235836FF9BDD6967768C6FF0F7494A833E68D1E539AB63316F878482F59FD84939668B2BCABC0A
                                                                                  Malicious:false
                                                                                  Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):418
                                                                                  Entropy (8bit):1.8784775129881184
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                  MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                  SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                  SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                  SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                  Malicious:false
                                                                                  Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):324
                                                                                  Entropy (8bit):5.119084819543356
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:P6JM+q2P923oH+Tcwt8aPrqIFUt826GZmw+26JMVkwO923oH+Tcwt8amLJ:Pj+v4YebL3FUt82z/+2jV5LYebQJ
                                                                                  MD5:1C09C30970496CB1C7A5AB3E6F1286B3
                                                                                  SHA1:38838D2F0DBEBA544C496060A68528C47FCD29A0
                                                                                  SHA-256:0F5E6EDF20B4985E59DA4331EBB10E95CF2BC75462486CE9A385B3E2B880742D
                                                                                  SHA-512:C85DBDDDAC84C2DF7CEADCF190ADA8432F185F733FA6E12DDCC64768DF84F5924A4F1CACC60418FD80AC65C5F96E4F2992CA9F763EC1004B7FFAFD05BDACCC9C
                                                                                  Malicious:false
                                                                                  Preview:2024/09/05-01:29:53.930 1fac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/09/05-01:29:53.930 1fac Recovering log #3.2024/09/05-01:29:53.930 1fac Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):324
                                                                                  Entropy (8bit):5.119084819543356
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:P6JM+q2P923oH+Tcwt8aPrqIFUt826GZmw+26JMVkwO923oH+Tcwt8amLJ:Pj+v4YebL3FUt82z/+2jV5LYebQJ
                                                                                  MD5:1C09C30970496CB1C7A5AB3E6F1286B3
                                                                                  SHA1:38838D2F0DBEBA544C496060A68528C47FCD29A0
                                                                                  SHA-256:0F5E6EDF20B4985E59DA4331EBB10E95CF2BC75462486CE9A385B3E2B880742D
                                                                                  SHA-512:C85DBDDDAC84C2DF7CEADCF190ADA8432F185F733FA6E12DDCC64768DF84F5924A4F1CACC60418FD80AC65C5F96E4F2992CA9F763EC1004B7FFAFD05BDACCC9C
                                                                                  Malicious:false
                                                                                  Preview:2024/09/05-01:29:53.930 1fac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/09/05-01:29:53.930 1fac Recovering log #3.2024/09/05-01:29:53.930 1fac Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):418
                                                                                  Entropy (8bit):1.8784775129881184
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                  MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                  SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                  SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                  SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):328
                                                                                  Entropy (8bit):5.151391128932447
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:PzDEYVq2P923oH+Tcwt865IFUt82obgZmw+2obIkwO923oH+Tcwt86+ULJ:PzYYVv4Yeb/WFUt82Ug/+2UI5LYeb/+e
                                                                                  MD5:15090F3FFCCD5DDDCB0DAB69CAEA5AB6
                                                                                  SHA1:0C3658D6F736E1156B108F6723D38D3BFEB0531A
                                                                                  SHA-256:22427BF35BD73BA836030B72EF809CCD05F071EB87F8CC269B64E9D8B91F5146
                                                                                  SHA-512:366FDCC59BF81829FB414DFAE9115FB3EF7E5D6B7F490104580E8092EAC74DAF7A0D17CAF1065CE4F3B0A9E8FB3EF1C8F1BAD4842AE5961C56D934B43AC70686
                                                                                  Malicious:false
                                                                                  Preview:2024/09/05-01:29:53.981 1fa0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/09/05-01:29:53.982 1fa0 Recovering log #3.2024/09/05-01:29:53.982 1fa0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):328
                                                                                  Entropy (8bit):5.151391128932447
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:PzDEYVq2P923oH+Tcwt865IFUt82obgZmw+2obIkwO923oH+Tcwt86+ULJ:PzYYVv4Yeb/WFUt82Ug/+2UI5LYeb/+e
                                                                                  MD5:15090F3FFCCD5DDDCB0DAB69CAEA5AB6
                                                                                  SHA1:0C3658D6F736E1156B108F6723D38D3BFEB0531A
                                                                                  SHA-256:22427BF35BD73BA836030B72EF809CCD05F071EB87F8CC269B64E9D8B91F5146
                                                                                  SHA-512:366FDCC59BF81829FB414DFAE9115FB3EF7E5D6B7F490104580E8092EAC74DAF7A0D17CAF1065CE4F3B0A9E8FB3EF1C8F1BAD4842AE5961C56D934B43AC70686
                                                                                  Malicious:false
                                                                                  Preview:2024/09/05-01:29:53.981 1fa0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/09/05-01:29:53.982 1fa0 Recovering log #3.2024/09/05-01:29:53.982 1fa0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):1254
                                                                                  Entropy (8bit):1.8784775129881184
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                  MD5:826B4C0003ABB7604485322423C5212A
                                                                                  SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                  SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                  SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):324
                                                                                  Entropy (8bit):5.163345667089682
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:PzlVq2P923oH+Tcwt8NIFUt82zlgZmw+2zlIkwO923oH+Tcwt8+eLJ:PzlVv4YebpFUt82zlg/+2zlI5LYebqJ
                                                                                  MD5:D66622E61692D16A376E56DB053663A5
                                                                                  SHA1:0C345C5D6901853BB24CA89443FE5FD03EF3DBDD
                                                                                  SHA-256:1C80D7E2B44477FF1567A2CC3587A6E1703C2D334E24E5B29E001CC33DA62DAA
                                                                                  SHA-512:004D524579E53126887140145085FA3E8407D399EC4072034567CE42E0F7FC482DBBB84041DD58EFC88CC8AB7A9E25B0FE2DEDD770D7906E6EAE9309A1F3DEB6
                                                                                  Malicious:false
                                                                                  Preview:2024/09/05-01:29:54.577 1f74 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/09/05-01:29:54.577 1f74 Recovering log #3.2024/09/05-01:29:54.577 1f74 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):324
                                                                                  Entropy (8bit):5.163345667089682
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:PzlVq2P923oH+Tcwt8NIFUt82zlgZmw+2zlIkwO923oH+Tcwt8+eLJ:PzlVv4YebpFUt82zlg/+2zlI5LYebqJ
                                                                                  MD5:D66622E61692D16A376E56DB053663A5
                                                                                  SHA1:0C345C5D6901853BB24CA89443FE5FD03EF3DBDD
                                                                                  SHA-256:1C80D7E2B44477FF1567A2CC3587A6E1703C2D334E24E5B29E001CC33DA62DAA
                                                                                  SHA-512:004D524579E53126887140145085FA3E8407D399EC4072034567CE42E0F7FC482DBBB84041DD58EFC88CC8AB7A9E25B0FE2DEDD770D7906E6EAE9309A1F3DEB6
                                                                                  Malicious:false
                                                                                  Preview:2024/09/05-01:29:54.577 1f74 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/09/05-01:29:54.577 1f74 Recovering log #3.2024/09/05-01:29:54.577 1f74 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):429
                                                                                  Entropy (8bit):5.809210454117189
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                  MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                  SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                  SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                  SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                  Malicious:false
                                                                                  Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                                  Category:dropped
                                                                                  Size (bytes):20480
                                                                                  Entropy (8bit):2.446761639839618
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:0Bmw6fU1zBv52RypxYK2FS9202hFYbrz1LMpbp+2gjGCHkJ/AztYZIHf6lhlBI8w:0BCyvkwyFelS9nsH4/AztctuuoKwxwE
                                                                                  MD5:1ED3B43DEE784DE5992FA1E5CB1A60F4
                                                                                  SHA1:0C29CABA64EDD99D27ABB12D5EE8048E2DE065B6
                                                                                  SHA-256:19C5DFCCD5B576FFFB32AFB6419A490B98A9A03E2550284D1F8C0F9DEEDDF2B6
                                                                                  SHA-512:6A9839EFB0B50396F4C8DEB471114F56498348D791FFB380F49B088A4D451C36B264456886C0C9A320362FD601C084BC34279D07C82F5E78EABB5D093477D038
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
                                                                                  Category:dropped
                                                                                  Size (bytes):155648
                                                                                  Entropy (8bit):0.6773402199274459
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:owYFsXWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kEpEFwE:ojWmhH+bDo3iN0Z2TVJkXBBE3ybbJ
                                                                                  MD5:5240E2E8E9ADA5014CDF2E563A0F683A
                                                                                  SHA1:1A5BADF801DA7C9296800DC959143F8BAFDEA0D6
                                                                                  SHA-256:489D112F30972A4F3E94539F2065145DCC1E3A65B853EFD1D5749BA012727476
                                                                                  SHA-512:572E87CD476961277FF98128D71EA02A8F9AB3EB2A45C73166628E2D7855B88A7E35BDC9E550DC65020EC7FDD59E1CE4C16E9EE36BD4C391E5A34AAB89058073
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):8720
                                                                                  Entropy (8bit):0.21861961848037045
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:iN59tFlljq7A/mhWJFuQ3yy7IOWUPsrNotdweytllrE9SFcTp4AGbNCV9RUIrT:iNI75fOlsRotd0Xi99pEYxT
                                                                                  MD5:A48FE5A493E6972EE2D0D24CFBD68EDC
                                                                                  SHA1:A4C5C35BD7A85E2D5FAD4D5535580865EE80F7DE
                                                                                  SHA-256:E043E4F567EC9D9EAFC813CA74A62050148CD71D14DDF1DE337A29601BE73553
                                                                                  SHA-512:B7B6FB67BE23E7EC26FA1C92856DB2287C2CF58453318A08B7F984EF6BB2481B49E680FC727C2617C1F9E2CE6B472832180EA193A8E46A6D5120EB6649EF872F
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):115717
                                                                                  Entropy (8bit):5.183660917461099
                                                                                  Encrypted:false
                                                                                  SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                  MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                  SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                  SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                  SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                  Malicious:false
                                                                                  Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                                  Category:dropped
                                                                                  Size (bytes):49152
                                                                                  Entropy (8bit):3.6477561954518807
                                                                                  Encrypted:false
                                                                                  SSDEEP:384:aj9P0gP/Kbtfjlsc0QkQervgam6IThj773pLLRKToaAu:advP/ylf0e2ujF7NRKcC
                                                                                  MD5:AB34FD67C1B14463D57861D3EA44D73D
                                                                                  SHA1:5D3E3486E79DCDA9291F2F72449B0D94693CBFDC
                                                                                  SHA-256:11FC9759CF77E70E9EB9F50B81CDC6C07DF3564119C94675CAF90387D467B0F1
                                                                                  SHA-512:A47D798D8E774B636879BC7D1312C517CCAD2E47A64026C61BD9A06A5EACF65CEC89498D927768AB5B240625BA5EBF0F97781111C8EAAC3D9D446388366AD2F2
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):408
                                                                                  Entropy (8bit):5.265685825291573
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:PAVv4Yeb8rcHEZrELFUt82Ag/+2AI5LYeb8rcHEZrEZSJ:i4Yeb8nZrExg88LYeb8nZrEZe
                                                                                  MD5:32FF23C4B9FFA3A0BB242871FA515BB1
                                                                                  SHA1:8506999BACEC29AB4881FF2338D5D3A08B6290CA
                                                                                  SHA-256:1031814C60F9E63E1CF62E7F5A55EB8324054DBD23A9A36F09009476D1C788DE
                                                                                  SHA-512:49683B2067C9FCC2110F3732B645A912208F2F64B03E81B4F1575DAEEEDADAC99A4FF4A1CC0DEE9063F8B266484044F8B3F774CBED48C1991AD97D3F75730A42
                                                                                  Malicious:false
                                                                                  Preview:2024/09/05-01:29:58.090 1f64 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/09/05-01:29:58.090 1f64 Recovering log #3.2024/09/05-01:29:58.090 1f64 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):408
                                                                                  Entropy (8bit):5.265685825291573
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:PAVv4Yeb8rcHEZrELFUt82Ag/+2AI5LYeb8rcHEZrEZSJ:i4Yeb8nZrExg88LYeb8nZrEZe
                                                                                  MD5:32FF23C4B9FFA3A0BB242871FA515BB1
                                                                                  SHA1:8506999BACEC29AB4881FF2338D5D3A08B6290CA
                                                                                  SHA-256:1031814C60F9E63E1CF62E7F5A55EB8324054DBD23A9A36F09009476D1C788DE
                                                                                  SHA-512:49683B2067C9FCC2110F3732B645A912208F2F64B03E81B4F1575DAEEEDADAC99A4FF4A1CC0DEE9063F8B266484044F8B3F774CBED48C1991AD97D3F75730A42
                                                                                  Malicious:false
                                                                                  Preview:2024/09/05-01:29:58.090 1f64 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/09/05-01:29:58.090 1f64 Recovering log #3.2024/09/05-01:29:58.090 1f64 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):333
                                                                                  Entropy (8bit):5.1407114139694405
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:Pa+q2P923oH+Tcwt8a2jMGIFUt824JZmw+2ZUdFNVkwO923oH+Tcwt8a2jMmLJ:P7v4Yeb8EFUt824J/+2ZUdFz5LYeb8bJ
                                                                                  MD5:49507B9FED22B920FBDFE8E2DABEA81D
                                                                                  SHA1:626C8365CE233CECB7783A3DA1050659CB9B37D7
                                                                                  SHA-256:D27353D2B7DE2D0C9EB1E01A64EE733E2F7D76428D600A223D8727DAFBF70AF2
                                                                                  SHA-512:6FF348EC9BF7B5D5FE5DEF4D6767020930CDEEEEECC3A1B5D78B8605149F4126A897A816865B9C1287E729A6C8D76ECB489B08A6F3488D798C00BF6D080B0ADB
                                                                                  Malicious:false
                                                                                  Preview:2024/09/05-01:29:54.539 e18 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/09/05-01:29:54.540 e18 Recovering log #3.2024/09/05-01:29:54.544 e18 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 6, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                  Category:dropped
                                                                                  Size (bytes):24576
                                                                                  Entropy (8bit):0.40379388700245555
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:TLiCwbvwsw9VwLwcORslcDw3wJ6UwccI5fB5IoCRdG:TxKX0wxORAmA/U1cEB5I1dG
                                                                                  MD5:D5A8F1958DA250DC216C9492E8DB2E18
                                                                                  SHA1:79C5BDAA8A0A560141DD005C26F0CE0803869E43
                                                                                  SHA-256:1FF6E6E784CD5F031021D02AB085B4B6E8C1F4F6AF4D12861541994EB6319D1B
                                                                                  SHA-512:399372FE8E8363375FEFE9DC5D8260357B81A860E35526AF77EFD102D0BABA923D08B98303369C746A8C8F1F08C7AF3FC113C8A30C634A89306B02661AC89BCE
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1419
                                                                                  Entropy (8bit):5.336110615415376
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7np+:YXs/tsbfc7leeEscgCgakhYhbx9+
                                                                                  MD5:7D870539B6C4EE40FA5CFD87A3D4BFEC
                                                                                  SHA1:F45BE07A3A05615856688219AFE6713EBABBAC2C
                                                                                  SHA-256:73513F7A38830E47624257EF04A4F73BF174FD1FEBAC172AA416BF6470930F90
                                                                                  SHA-512:90EABCE74F8CBB5FF1F96566E1293887BB3DB36C9E32F6C619D1EC7C9AAE504221CDEC2DD1468915A0A06A65E472C5446731838C89E665EBD9FA114F12261327
                                                                                  Malicious:false
                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):2
                                                                                  Entropy (8bit):1.0
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:H:H
                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                  Malicious:false
                                                                                  Preview:[]
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):2917
                                                                                  Entropy (8bit):5.316966682806218
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:YcgCzsgJtsJ8fc7leeEshgsJC5soaZakEsXVrs18+HwsOYs2+HWCbx9+:F192keNxgaZakpn4GW4PV9+
                                                                                  MD5:36BCE157F53F3F7A561FA3AC17C17167
                                                                                  SHA1:92D5CDB4E797A6BB6251D97879A8C4F9A73C6C19
                                                                                  SHA-256:58B9002910B3595EF5D2E461C0563B806F2357B2497E329D1188AB704BBEDF6C
                                                                                  SHA-512:0726CB25A0DFBB2B11E357DF34A258F09A0858BD7631E706EDD71C87C0E7B50B7F59C8B526253A1B69D764870DB1578D898F1649D562089EADC850100CEE6BB9
                                                                                  Malicious:false
                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372579796622375","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372579799061977","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372579799707067","port":443,"protocol_str":"quic"}],"anonymizatio
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):40
                                                                                  Entropy (8bit):4.1275671571169275
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                  Malicious:false
                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):2917
                                                                                  Entropy (8bit):5.317212590697021
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:YcgCzsgJtsJ8fc7leeEshgsJC5soaZakEsXVrs18+HwsOYs2+HWCbxo+:F192keNxgaZakpn4GW4PVo+
                                                                                  MD5:45EBE1C231DC5C597509AF547F91F773
                                                                                  SHA1:8DDB17AE8E7B55768AAA8A8E1E64E2A38539A275
                                                                                  SHA-256:379CAFCD179526E3034F45D8F1144AA46003E4DB83A4367ED65AC1A41F60558B
                                                                                  SHA-512:EA3F6C64FE5E59082A6D533B39429A427D7092084A2378DC1BF62782ADE444D19827F6E488796F8E304157755C7576851FF4FAC59BE949095B1DAED0327A5DA7
                                                                                  Malicious:false
                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372579796622375","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372579799061977","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372579799707067","port":443,"protocol_str":"quic"}],"anonymizatio
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):188
                                                                                  Entropy (8bit):5.3226206830403155
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:YWRAWNjZQxtTCcJHNNTPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqm:YWyWNibm4H7TBv31dB8wXwlmUUAnIMpM
                                                                                  MD5:F136E90E88B4C1D505F19DC96D7BFFEC
                                                                                  SHA1:7E7EEE7773D195DFADFB22F72857309778F5C105
                                                                                  SHA-256:4BF99D94898E004C35A0AB89FF60D1C5352EDEAB306E84F84FA7149F92B0F56B
                                                                                  SHA-512:E37D372F8539FDCF1B5D85DCAF2C658D4C4F4AFF14ECFE2ABC94C9D2442AAF3537EDC4A6AB325007A38CFF4F821D9E78AC5F70D572A99B98EA862F2644AAD24C
                                                                                  Malicious:false
                                                                                  Preview:{"sts":[{"expiry":1757050264.652939,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725514264.652944}],"version":2}
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):188
                                                                                  Entropy (8bit):5.285182883027995
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:YWRAWNjZQ3tTLY8PI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqZfTRp:YWyWNid/Y8Bv31dB8wXwlmUUAnIMp59D
                                                                                  MD5:3B30E9C17470416B6F05877B91155F2B
                                                                                  SHA1:1F03CAED4EDAFC075329F103E34A8617728569A2
                                                                                  SHA-256:B1BB6D29994976B9028E3CF85904F64D40A76786CC8F618131B308F0D07BA9AF
                                                                                  SHA-512:A60C12EF2C32A29A160036BE25136299CEEBBCEBBDB57575BC88EFAB99A01C8FB47E2E97819355C84F0B0AAC26AAD2FCC88FA99C9830F17E6297DC1B65AAE66D
                                                                                  Malicious:false
                                                                                  Preview:{"sts":[{"expiry":1757050204.641524,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725514204.641529}],"version":2}
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 9
                                                                                  Category:dropped
                                                                                  Size (bytes):20480
                                                                                  Entropy (8bit):1.0831960636617557
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:T2dKLopF+SawLUO1Xj8BmhPBt+TpNsJi+mRMzXNmOFyPr:ige+AumNiksO8r
                                                                                  MD5:48AA9129BB1CD09A7E5802EE20016204
                                                                                  SHA1:BB77960F48F4D7DA892E9ABE4389CBD621D6397E
                                                                                  SHA-256:FC148400AC7394664ADE1650BC8835ECB35EE37227922745573150B67691EBF0
                                                                                  SHA-512:E3AD59962FE9B5828D2060389156AC7E60A4413BA0BAED02950114100FAE57B81882E050B38922F26922B91FA68933BFF0F12D74AB53887842284147866B93D5
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1419
                                                                                  Entropy (8bit):5.336110615415376
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7np+:YXs/tsbfc7leeEscgCgakhYhbx9+
                                                                                  MD5:7D870539B6C4EE40FA5CFD87A3D4BFEC
                                                                                  SHA1:F45BE07A3A05615856688219AFE6713EBABBAC2C
                                                                                  SHA-256:73513F7A38830E47624257EF04A4F73BF174FD1FEBAC172AA416BF6470930F90
                                                                                  SHA-512:90EABCE74F8CBB5FF1F96566E1293887BB3DB36C9E32F6C619D1EC7C9AAE504221CDEC2DD1468915A0A06A65E472C5446731838C89E665EBD9FA114F12261327
                                                                                  Malicious:false
                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1419
                                                                                  Entropy (8bit):5.336110615415376
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7np+:YXs/tsbfc7leeEscgCgakhYhbx9+
                                                                                  MD5:7D870539B6C4EE40FA5CFD87A3D4BFEC
                                                                                  SHA1:F45BE07A3A05615856688219AFE6713EBABBAC2C
                                                                                  SHA-256:73513F7A38830E47624257EF04A4F73BF174FD1FEBAC172AA416BF6470930F90
                                                                                  SHA-512:90EABCE74F8CBB5FF1F96566E1293887BB3DB36C9E32F6C619D1EC7C9AAE504221CDEC2DD1468915A0A06A65E472C5446731838C89E665EBD9FA114F12261327
                                                                                  Malicious:false
                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                  Category:dropped
                                                                                  Size (bytes):36864
                                                                                  Entropy (8bit):1.3306333056824557
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:uIEumQv8m1ccnvS6wDo2dQF2YQ9UZE1hRVkI:uIEumQv8m1ccnvS6t282rUZEDd
                                                                                  MD5:15A11ED6881B77DAEAC695BBF4A68689
                                                                                  SHA1:E847C84773B3DA837B8A240DCB4192B82F601CF4
                                                                                  SHA-256:87785A1E96F484FFFC02A8008A3754C1BF2B71263B5792E91EF3C75C456572A7
                                                                                  SHA-512:A511E916721919B0B0A5118DC8E08838D10052DC8622442DF922D473B20426F7CF11B5E481D99334E85D098E137E4C06362DB27C1EB08687161DC625692F9EA1
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):2
                                                                                  Entropy (8bit):1.0
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:H:H
                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                  Malicious:false
                                                                                  Preview:[]
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):40
                                                                                  Entropy (8bit):4.1275671571169275
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                  Malicious:false
                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):188
                                                                                  Entropy (8bit):5.285182883027995
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:YWRAWNjZQ3tTLY8PI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqZfTRp:YWyWNid/Y8Bv31dB8wXwlmUUAnIMp59D
                                                                                  MD5:3B30E9C17470416B6F05877B91155F2B
                                                                                  SHA1:1F03CAED4EDAFC075329F103E34A8617728569A2
                                                                                  SHA-256:B1BB6D29994976B9028E3CF85904F64D40A76786CC8F618131B308F0D07BA9AF
                                                                                  SHA-512:A60C12EF2C32A29A160036BE25136299CEEBBCEBBDB57575BC88EFAB99A01C8FB47E2E97819355C84F0B0AAC26AAD2FCC88FA99C9830F17E6297DC1B65AAE66D
                                                                                  Malicious:false
                                                                                  Preview:{"sts":[{"expiry":1757050204.641524,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725514204.641529}],"version":2}
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                  Category:dropped
                                                                                  Size (bytes):20480
                                                                                  Entropy (8bit):0.8307038620100359
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:TLSOUOq0afDdWec9sJlAz7Nm2z8ZI7J5fc:T+OUzDbg3eAzA2ztc
                                                                                  MD5:B18967139991D9CA13DF7E493540A358
                                                                                  SHA1:97411C14A8503C11248BE7404C9A79BA5146D40C
                                                                                  SHA-256:CCC36F21951B4CB357C57DA0CCA1FFF3B4C7027230C10FD8BCB72C0AFF66141F
                                                                                  SHA-512:473AE1B215B181785EA65F87E34155D5976C7AD1FA487B025E1C8711BFD127E99066990105CDA8D6F4804459118361217455AB1644803D22E6ECB164EEEFD630
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):9747
                                                                                  Entropy (8bit):5.122277064377222
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:stPmkd+WQsSdsZihUkWi3PU8QpbV+FbjLdQA66Wx3WUkaFIMYopP4YJ:stPmZWQsSdfheqepbGbfdQx6Wx3WUka7
                                                                                  MD5:E73186AC24303CCC592082241332D12B
                                                                                  SHA1:875997414221C66B62CD424D2F7B9647BE479DC2
                                                                                  SHA-256:4B590E0EA1F7EB664899ECC5329A5F378BC74D4D2C9CC5F15C4526F9E1FBFB38
                                                                                  SHA-512:BBCAF0E2DB64334669C7CA5BEF9BC42A1D72DCCD36C28B794BBB9B02BF8CD7D5E2DF69004D5C56E35566B216EE6A1E433C730341096F15315A6C085606779C8B
                                                                                  Malicious:false
                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369987794465130","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):16
                                                                                  Entropy (8bit):3.2743974703476995
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                  Malicious:false
                                                                                  Preview:MANIFEST-000001.
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:data
                                                                                  Category:modified
                                                                                  Size (bytes):83572
                                                                                  Entropy (8bit):5.664073245302759
                                                                                  Encrypted:false
                                                                                  SSDEEP:1536:JL0/Ry7vm2lhq4ljc+PjfOzBu+RMDVogUlcPCcBjjmny8dLA8j7baD7:JL6yLm2fq4pc+rCAogU2CcBjj3YAg7mn
                                                                                  MD5:88A75CF8B8D37DEB4782E31D662FA89D
                                                                                  SHA1:019E90A24F35B5613EACE2968FD19C0D5911BEC1
                                                                                  SHA-256:3E56F008E46CBB7BA0EBF8813D31A8244DC37A1DCF4B83055EF30E8BC724D6D0
                                                                                  SHA-512:BA722DAC32EAADDAA570E8A2C587FC5712A00CDFCA05FDBFBC7A96D7243955F2C20F31582132F61435F54CEA46A67B613DEE59FF232FAA0CCD010F338F9B02BB
                                                                                  Malicious:false
                                                                                  Preview:...m.................DB_VERSION.1nL.7j...............(QUERY_TIMESTAMP:product_category_en1.*.*.13369987804496582..QUERY:product_category_en1.*.*..[{"name":"product_category_en","url":"https://edgeassetservice.azureedge.net/assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories","version":{"major":1,"minor":0,"patch":0},"hash":"r2jWYy3aqoi3+S+aPyOSfXOCPeLSy5AmAjNHvYRv9Hg=","size":82989}]...yg~..............!ASSET_VERSION:product_category_en.1.0.0..ASSET:product_category_en...."..3....Car & Garage..Belts & Hoses.#..+....Sports & Outdoors..Air Pumps.!.."....Car & Garage..Body Styling.4..5./..Gourmet Food & Chocolate..Spices & Seasonings.'..,."..Sports & Outdoors..Sleeping Gear.!..6....Lawn & Garden..Hydroponics.9.a.5..Books & Magazines. Gay & Lesbian Interest Magazines....+....Office Products..Pins.,..3.'..Kitchen & Housewares..Coffee Grinders.$..#....Computing..Enterprise Servers.#..&....Home Furnishings..Footboards.6...2..Books & Magazines..Computer & Internet Magazines.)..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):16
                                                                                  Entropy (8bit):3.2743974703476995
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                  Malicious:false
                                                                                  Preview:MANIFEST-000001.
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):309
                                                                                  Entropy (8bit):5.15167940136737
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:P40j7R1923oH+TcwtgctZQInvB2KLll40icM+q2P923oH+TcwtgctZQInvIFUv:P4038YebgGZznvFLn40i9+v4YebgGZzp
                                                                                  MD5:AC861E0498E2ED097892B7F7EFC151D0
                                                                                  SHA1:081F76367CE2D7999230A2179643A434CE90D066
                                                                                  SHA-256:1D46FECC2CCD6E956BEC0D74C6FF27F96FE87A407E39B9716FFD33C43B07EA13
                                                                                  SHA-512:A85958B064F0949D7871273B72DA322DF8690EB13A0A81A1902BAD29488D91DB16D6AF7E26FAF4D27146D4D1181395B9544B12F5671F3CE0F26C159D5827EDC5
                                                                                  Malicious:false
                                                                                  Preview:2024/09/05-01:30:03.457 26ac Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db since it was missing..2024/09/05-01:30:03.504 26ac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db/MANIFEST-000001.
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:OpenPGP Secret Key
                                                                                  Category:dropped
                                                                                  Size (bytes):41
                                                                                  Entropy (8bit):4.704993772857998
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                  Malicious:false
                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):25012
                                                                                  Entropy (8bit):5.567716975498562
                                                                                  Encrypted:false
                                                                                  SSDEEP:768:Idn/EWWPaUfsv8F1+UoAYDCx9Tuqh0VfUC9xbog/OVe3ksZrwypStu+:Idn/EWWPaUfsvu1javUsq3tp
                                                                                  MD5:78A0B594C170401E4D3B1767A7BF7B54
                                                                                  SHA1:BC5AF0F2D581FE4B118619E6D118DA19645288E0
                                                                                  SHA-256:11C5532DF845F0E14B0F9CD5E1F354C301CB95168E667868191E0B23F0482851
                                                                                  SHA-512:C8B14703A15963F00BFA9C5937A77BBBCB1A1644627CE211F967FA5F802C52C6B3CC9A22AD4685D1B7A44E021CD5B9F89A94C73552B3156A8D7072271FB3C85A
                                                                                  Malicious:false
                                                                                  Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369987793921790","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369987793921790","location":5,"ma
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):440
                                                                                  Entropy (8bit):4.632813989851998
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:S+a8ljljljljlCUfq+CcsDQ3f/nGz3A/XkAvkAvkAv:Ra0ZZZZCUCWsOHG0Xk8k8k8
                                                                                  MD5:2954ACD1F8ACE95C3EDA262277BFBC94
                                                                                  SHA1:083866D69BE3FF632498796D2AFB5DA6CECE9EAF
                                                                                  SHA-256:47A78249EA4EB11833741BA97B7DF555174636974D1B43CBD10970E376AB3156
                                                                                  SHA-512:9D0BE3B02AB6F96F3A7B8C86A2983899FC86BD54F383E3F6CB5B1B3170F7C9099F6F28047B4BBEF780B65A04368698CE8E2086D876CFFE7EFF81499F78254B15
                                                                                  Malicious:false
                                                                                  Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f...................j................next-map-id.1.Knamespace-9e00ee42_574c_4839_82ff_c83d008cbe83-https://accounts.google.com/.0..v|k................next-map-id.2.Lnamespace-9e00ee42_574c_4839_82ff_c83d008cbe83-https://accounts.youtube.com/.1. .................. .................. .................. .................
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):321
                                                                                  Entropy (8bit):5.160092254986604
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:PCAE3+q2P923oH+TcwtrQMxIFUt82iZmw+2PtVkwO923oH+TcwtrQMFLJ:PCCv4YebCFUt82i/+2L5LYebtJ
                                                                                  MD5:3661D0CA625E2B2E240B859A3953D054
                                                                                  SHA1:99C4A42830A3987C30434BB05B1D6E8EBAAA8F39
                                                                                  SHA-256:40244652F8582AA01A49A1902DD07FE37AA572384AF904346E5AA7250474BB81
                                                                                  SHA-512:1769B414C15043277FD64A6F52A65489E012BEC3ED56BDF18510142265BDA19AF1D2FD1C8576435403C3B9780E92F3D64370DE44B515FCFB8BB7AF3D14A2AEFB
                                                                                  Malicious:false
                                                                                  Preview:2024/09/05-01:29:54.568 e18 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/09/05-01:29:54.571 e18 Recovering log #3.2024/09/05-01:29:54.576 e18 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):12348
                                                                                  Entropy (8bit):4.132352092010317
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:319wK3PoVAb3PoV2ueoP0NH3PoVSZ3PoV2ueoP0i36:l9poVwoV589oVMoV58i
                                                                                  MD5:F377505339D9BE4A2AFC88DCD13781B0
                                                                                  SHA1:D6C7D8813EDE4819FE80E4AC6D91ECEEEDAFF166
                                                                                  SHA-256:D395AA52B674312FF50D1E9E54DEFAB176E36911CE27ACB1B8917BA5988D0BD4
                                                                                  SHA-512:F018CECB07E56D70FB04937F580234B2CB8AD9A3EFC9DD838C13587F58189B67E00714584E708358BFA6BD932D38E52730369DF3E0336A7A02425791950C66C4
                                                                                  Malicious:false
                                                                                  Preview:SNSS................................"........................................................!.............................................1..,.......$...9e00ee42_574c_4839_82ff_c83d008cbe83......................k....................................................................5..0.......&...{98952893-68FF-4A5D-A164-705C709ED3DB}.........................................................................o...Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36.........................Not;A=Brand.....8.......Chromium....117.....Google Chrome.......117.........Not;A=Brand.....8.0.0.0.....Chromium....117.0.5938.132......Google Chrome.......117.0.5938.132......117.0.5938.132......Windows.....10.0.0......x86.............64........................................o...Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36.........................Not;A=Brand.....8.......Chromium...
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                  Category:dropped
                                                                                  Size (bytes):20480
                                                                                  Entropy (8bit):0.44194574462308833
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                  MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                  SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                  SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                  SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                  Malicious:false
                                                                                  Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):352
                                                                                  Entropy (8bit):5.102853342912345
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:P4U5N+q2P923oH+Tcwt7Uh2ghZIFUt822AGXZmw+2OVkwO923oH+Tcwt7Uh2gnLJ:PZ5N+v4YebIhHh2FUt82VGX/+2OV5LYz
                                                                                  MD5:41FB85B25B6BF4949681AD218723CC24
                                                                                  SHA1:BE88FE4D7873319A1669B1B77A1DF2EDC3428E95
                                                                                  SHA-256:79C3DC2BC32CAABB36FB3E6598883EB07E817DFA8B22CFD323585096E2A36320
                                                                                  SHA-512:A5F10D8C097F53C9C4658BB21882713C22809BF7C361AEF73BB4346433EBBEEB23E262AA9A308BE7412D28D45721E082AB3D1C06B06FAF77AFE387C122BA7B04
                                                                                  Malicious:false
                                                                                  Preview:2024/09/05-01:29:53.903 1f9c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/09/05-01:29:53.904 1f9c Recovering log #3.2024/09/05-01:29:53.902 1f9c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):270336
                                                                                  Entropy (8bit):0.0012471779557650352
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                  MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                  SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                  SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                  SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):270336
                                                                                  Entropy (8bit):0.0012471779557650352
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                  MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                  SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                  SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                  SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):431
                                                                                  Entropy (8bit):5.234328178983683
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:PfIv4YebvqBQFUt82M/+2UST5LYebvqBvJ:X64YebvZg8u8LYebvk
                                                                                  MD5:C71C7566397517C11414E270A75C085E
                                                                                  SHA1:4BDE3F544E94D76D8525E5F65C79E94A64C73220
                                                                                  SHA-256:02C47135071F9493BDD7DB988F7978E3A9621BD5E7352E1B125467B3C889CCD5
                                                                                  SHA-512:1F2DCBD6ADEFD89BA3A6B739CF70D2BE7A8E9A06A523A644B1F3471BD60B1A10A7AF4F21EB7BF6EBF544BB81F53BEA61C9C697C2386B4C11A4CB46C2287A19FB
                                                                                  Malicious:false
                                                                                  Preview:2024/09/05-01:29:54.608 e18 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/09/05-01:29:54.609 e18 Recovering log #3.2024/09/05-01:29:54.611 e18 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):40
                                                                                  Entropy (8bit):4.1275671571169275
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                  Malicious:false
                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):2
                                                                                  Entropy (8bit):1.0
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:H:H
                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                  Malicious:false
                                                                                  Preview:[]
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):144
                                                                                  Entropy (8bit):4.842082263530856
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
                                                                                  MD5:ABE81C38891A875B52127ACE9C314105
                                                                                  SHA1:8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
                                                                                  SHA-256:6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
                                                                                  SHA-512:B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
                                                                                  Malicious:false
                                                                                  Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                  Category:dropped
                                                                                  Size (bytes):36864
                                                                                  Entropy (8bit):0.3886039372934488
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                  MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                  SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                  SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                  SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                  Malicious:false
                                                                                  Preview:SQLite format 3
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):144
                                                                                  Entropy (8bit):4.842082263530856
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiBn1KKyRY:YHpoeS7PMVKJTnMRK3B1KF+
                                                                                  MD5:F32592F4926E25E0D647EA7E4CBCD3FE
                                                                                  SHA1:4126DAA71810BDC438563699F77D5DA66DD3295E
                                                                                  SHA-256:BB0A228D78AE9A4E3508B13B041710AAA7E658AAA526FA553719851EB4F2303A
                                                                                  SHA-512:96F9B027B0E7E44E14006EAC6DE05A6CF684F5D6427004737CC379DC02875FA1D65C422AB6CA0EF89C0555ACD12B1D99F552894F15EE9EAF1A203FE58835A35D
                                                                                  Malicious:false
                                                                                  Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):80
                                                                                  Entropy (8bit):3.4921535629071894
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                  MD5:69449520FD9C139C534E2970342C6BD8
                                                                                  SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                  SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                  SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                  Malicious:false
                                                                                  Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):419
                                                                                  Entropy (8bit):5.224863600013014
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:P4dAv4YebvqBZFUt824A/+24JF3D5LYebvqBaJ:Ady4Yebvyg8TtLlLYebvL
                                                                                  MD5:D874E4E66F812F2841E94F09CBAD2BB0
                                                                                  SHA1:579783E92A5467F271A83E27D1DCAAC34DC0E37D
                                                                                  SHA-256:439FA2E77C10FBF25E55BC84A89F9BF7E8AEEDDF68F3429941E5F005096DD844
                                                                                  SHA-512:E59EBC378F5C2D18F7A20515215EC2815BC6B992ECDB256A3F17E1A1152D3DF665C6E9FC2FBE2D4A12C9802C2F520D237C54ECCD5C6DE7E8E4091CD24CE3A5D6
                                                                                  Malicious:false
                                                                                  Preview:2024/09/05-01:30:12.777 e18 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/09/05-01:30:12.778 e18 Recovering log #3.2024/09/05-01:30:12.780 e18 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):328
                                                                                  Entropy (8bit):5.163812042879396
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:P4mM+q2P923oH+TcwtpIFUt824iFZZmw+241iMVkwO923oH+Tcwta/WLJ:P47+v4YebmFUt824C/+24JV5LYebaUJ
                                                                                  MD5:B67189CEB4CB42C8C4936E5AC360C7F0
                                                                                  SHA1:819F188740F687D3466339A77FE1DB64F9FFE67C
                                                                                  SHA-256:AAD2FD97D448D8343E64BB77EDAEE41BF7441488BCBED7AE1AEADE1AC4AF330B
                                                                                  SHA-512:ED3E7223DC179573F5D3B2D0D0F53023F20C4D1504CB2515CC2EC730CB1E4FCEBBD867103FFD4F79B99EAC4C7CDF5103CD5103B7DE0A6BAEC011E177945A9939
                                                                                  Malicious:false
                                                                                  Preview:2024/09/05-01:29:53.913 1fac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/09/05-01:29:53.914 1fac Recovering log #3.2024/09/05-01:29:53.915 1fac Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):131072
                                                                                  Entropy (8bit):0.005567161523650777
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:ImtVF+RGHtlLI/kt:IiVEkH0kt
                                                                                  MD5:5DF860197311A5236FFCFE1CD48FC992
                                                                                  SHA1:6E6F8D3DD5E9039AB8F9D7CBF7D5F2CD38733FAB
                                                                                  SHA-256:B65D6AAAC0C64A844FB53C96B571446336B7831934637BC76D2D76BAC22A3F80
                                                                                  SHA-512:4C508F9A708101AD86B6231281E7C30545DC1E9E0BD98EA08F30179CB630BBD21C2D6E0C7BA2F1AAF9E4D29F8067F31FDC688208733521328F1C562D132BB382
                                                                                  Malicious:false
                                                                                  Preview:VLnk.....?......?......+
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
                                                                                  Category:dropped
                                                                                  Size (bytes):196608
                                                                                  Entropy (8bit):1.2651959924173928
                                                                                  Encrypted:false
                                                                                  SSDEEP:384:8/2qOB1nxCkMISAELyKOMq+8yC8F/YfU5m+OlTLVumN:Bq+n0JI9ELyKOMq+8y9/OwO
                                                                                  MD5:3B3845ED53207338BFA9F7FCAE558073
                                                                                  SHA1:716CAF991503BF11969C3CD762C25080B257ED3E
                                                                                  SHA-256:93A361920A1F08D2CC3A89E76D257474FFD480432B5178CAFC838981CC0BBF09
                                                                                  SHA-512:65F7D25A7DEE4C3A1ACC0B6D4608A5859BCD107D76E4B2D40EEFFC470F9192E581B2D18F75226D575B89B9D4E65AF14B68AE0F774ED255A09992F0EBCFDAB7F0
                                                                                  Malicious:false
                                                                                  Preview:SQLite format 3......@ .......[...........6......................................................j............W
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 11, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 11
                                                                                  Category:dropped
                                                                                  Size (bytes):14336
                                                                                  Entropy (8bit):1.4179195253777301
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:fK3tjkSdj5IUltGhp22iSBgj2Rypx2R2Rypxaxj/:ftSjGhp22iS3wzwi
                                                                                  MD5:B3DCD8E796A44AE009ADFFFEEDE62F01
                                                                                  SHA1:65187E8B9551E0DA38E9217DD8E94A338C30D84B
                                                                                  SHA-256:7FA47478289BF7971BAE638EEBEC7B2415493A057E7B2305441E555DCD356CD1
                                                                                  SHA-512:79E5BD00AA224DD05A9BB3963E0DD500C7F98097733CB5B837C1D33B13D09191A12DFCBCD5ACD72C0FA256735F98930E568A6965EE2C20D08738F2E00821FDE6
                                                                                  Malicious:false
                                                                                  Preview:SQLite format 3......@ ..........................................................................j..................n
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                  Category:dropped
                                                                                  Size (bytes):40960
                                                                                  Entropy (8bit):0.41235120905181716
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB:v7doKsKuKZKlZNmu46yjx
                                                                                  MD5:981F351994975A68A0DD3ECE5E889FD0
                                                                                  SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                                                                                  SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                                                                                  SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                                                                                  Malicious:false
                                                                                  Preview:SQLite format 3......@ ..........................................................................j.......w..g...........M...w
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):11755
                                                                                  Entropy (8bit):5.190465908239046
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                  MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                  SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                  SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                  SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                  Malicious:false
                                                                                  Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:very short file (no magic)
                                                                                  Category:dropped
                                                                                  Size (bytes):1
                                                                                  Entropy (8bit):0.0
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:L:L
                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                  Malicious:false
                                                                                  Preview:.
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                  Category:dropped
                                                                                  Size (bytes):28672
                                                                                  Entropy (8bit):0.3410017321959524
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                  MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                  SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                  SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                  SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                  Malicious:false
                                                                                  Preview:SQLite format 3......@ ..........................................................................j..........g.....P
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):13139
                                                                                  Entropy (8bit):5.2867026527908365
                                                                                  Encrypted:false
                                                                                  SSDEEP:384:stPmPGQSuxWQsSdfha7ytqepbGbfdQx6Wx3WUkaTYov:sEOXuLdf/hbGaxsaTYk
                                                                                  MD5:41EA171B2DBEAC27B42A9027E7C3CFDD
                                                                                  SHA1:66C5E8223AFF5928430BB8A025FD942B56DA4E78
                                                                                  SHA-256:EA855C33EAFC94C48290E08882E3784F9E0F2D727D124BE57D7C27FB5CAB90FF
                                                                                  SHA-512:EA58A18BAA028B3EAE9A64656D16AAEFEEE399CF9C851B9D2591A3CCC286D5762F6754E0842ACA630F904E57DC1E295A53F4B8A0ABE9B492113D4212006C3F7F
                                                                                  Malicious:false
                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369987794465130","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):13304
                                                                                  Entropy (8bit):5.28432340304677
                                                                                  Encrypted:false
                                                                                  SSDEEP:384:stPmPGQSuxWQsSdfha7ytqepbGbfdQx6WxzWUDlaTYov:sEOXuLdf/hbGaxxaTYk
                                                                                  MD5:EB4255015568BC7B5F0C170A6AC3359B
                                                                                  SHA1:15E75AA8DE1E452A1B84EC08C39109CA85C9B9DA
                                                                                  SHA-256:E9FAD00B7234D2FA7E979982C91EE608D6CE58AD48B61F34E2BC7ACB86F8DFEC
                                                                                  SHA-512:981D7AE2FB90150DC8624B834F8FA91AA260294820BA4023011AAE74B44982AEEF412B4A43A015A65C7A5C2DAEC2F8EFB16B5D0D98751829D036D593B88CB551
                                                                                  Malicious:false
                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369987794465130","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):32768
                                                                                  Entropy (8bit):0.11565584776072205
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:WtZ6LtZPApEjVl/PnnnnnnnnnnnnnnnvoQsUQo8AGS:WtZetZEoPnnnnnnnnnnnnnnnvN3zd
                                                                                  MD5:D04AEFB1DE8A354E9B345F99B9EDAB11
                                                                                  SHA1:DF7BBC5247B65E8CBD31631EA1697DC7922440E5
                                                                                  SHA-256:C38C087D84E5A20B23447A6C710469CDA528CA4742EC4E453B0C8D5D51DDFF24
                                                                                  SHA-512:F5EADEBC8875784C7914768B729D3EF6C8285EB16EB3027A7C1A72FA3E20537E5E659631B529D4944EC70FC36AE838C6AF53143E93A86BCC9476E59FB9F58B21
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:SQLite Write-Ahead Log, version 3007000
                                                                                  Category:dropped
                                                                                  Size (bytes):383192
                                                                                  Entropy (8bit):1.082136601445914
                                                                                  Encrypted:false
                                                                                  SSDEEP:768:4jw2f4YN7nKrID1CM9mMU2MTLJqMlEMHL:J9t
                                                                                  MD5:B401E4D275FFCC74DC33FD9A8FE383EC
                                                                                  SHA1:EA4D7B467A2A06FD40B19C7C0240BDD9CA442F04
                                                                                  SHA-256:CBC2C211B71B5C557CC516DB2A220B2632DB034144F310183E4D0C35BD47EEF8
                                                                                  SHA-512:DE4CD2B40C7D520E0BE002E708FE6271FA51D986D912BB51580283330F0118249BEBD6A6439F25E07A8CF094A96CE582AACE360CCC88180FFB08E821E631F7F7
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:data
                                                                                  Category:modified
                                                                                  Size (bytes):723
                                                                                  Entropy (8bit):3.208530250938624
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:Wlc8NOuuuuuuuuuuuuuuuuuuuuuuuY8e:iD
                                                                                  MD5:C35514C241183B8072FC9B5911C59C23
                                                                                  SHA1:8346D7D34F9C9CC04438CE8B8C5403108F603F84
                                                                                  SHA-256:441074A0C3B4D92A9E949EBF42DA78771D4C948D09E83563171E7A85871B6A16
                                                                                  SHA-512:BA2C8777CA11056C03713C9BE5E60B4413E04F0272132E82A7D1F16FCE3308685CEDBB4B97CC143BB058BAEA94613D8501F1F018EF223A5BC00267E9B16136B9
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):324
                                                                                  Entropy (8bit):5.222752205388183
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:PdM+q2P923oH+TcwtfrK+IFUt82yZmw+2dMVkwO923oH+TcwtfrUeLJ:PdM+v4Yeb23FUt82y/+2dMV5LYeb3J
                                                                                  MD5:FA8F858B7E597BF5F414E0DCEC0FA911
                                                                                  SHA1:0AE395B3D4A7430BC5C73244D85439AD440C3804
                                                                                  SHA-256:E26569B50830E87F6AC7F8BC780CC032DC89991C0F44B7510F4F95726FD9F180
                                                                                  SHA-512:A12EA58175D102460B8A3FE6464A79178CBDC85F346F3F38F6E2054C1B9D58910BC7282EDC151945047B7C16F1368160ED58966A986B9D0BC247E8334A2BFB3D
                                                                                  Malicious:false
                                                                                  Preview:2024/09/05-01:29:54.469 1f6c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/09/05-01:29:54.469 1f6c Recovering log #3.2024/09/05-01:29:54.469 1f6c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):787
                                                                                  Entropy (8bit):4.059252238767438
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvB1ys:G0nYUtypD3RUovhC+lvBOL+t3IvB8s
                                                                                  MD5:D8D8899761F621B63AD5ED6DF46D22FE
                                                                                  SHA1:23E6A39058AB3C1DEADC0AF2E0FFD0D84BB7F1BE
                                                                                  SHA-256:A5E0A78EE981FB767509F26021E1FA3C506F4E86860946CAC1DC4107EB3B3813
                                                                                  SHA-512:4F89F556138C0CF24D3D890717EB82067C5269063C84229E93F203A22028782902FA48FB0154F53E06339F2FDBE35A985CE728235EA429D8D157090D25F15A4E
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):342
                                                                                  Entropy (8bit):5.209530045870494
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:PfMlM+q2P923oH+TcwtfrzAdIFUt82yZZmw+2yMMVkwO923oH+TcwtfrzILJ:PfUM+v4Yeb9FUt82G/+2JMV5LYeb2J
                                                                                  MD5:55B82BEF7003374AC467B420DDEF52F8
                                                                                  SHA1:CC38E1A06BD062A19162D844AF9D09616891250D
                                                                                  SHA-256:E18A11F692C4C72AC7A4CC5D3F2FA2873AA1539AF2CE15432AD2BAC88FFAD50A
                                                                                  SHA-512:E5496FCBA91BE836546CBED47BF2F1996F63F77E32948C2CFDA730FED66F50A6A889163A6AE630CED6DD5485FB6ACEF4ABED92A7DE2F23DA8FFB6268A40D69BB
                                                                                  Malicious:false
                                                                                  Preview:2024/09/05-01:29:54.464 1f6c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/09/05-01:29:54.465 1f6c Recovering log #3.2024/09/05-01:29:54.465 1f6c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):120
                                                                                  Entropy (8bit):3.32524464792714
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                  MD5:A397E5983D4A1619E36143B4D804B870
                                                                                  SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                  SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                  SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                  Malicious:false
                                                                                  Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):13
                                                                                  Entropy (8bit):2.7192945256669794
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:NYLFRQI:ap2I
                                                                                  MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                  SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                  SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                  SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                  Malicious:false
                                                                                  Preview:117.0.2045.47
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):44137
                                                                                  Entropy (8bit):6.090747766165329
                                                                                  Encrypted:false
                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMawuF9hDO6vP6O+itbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE06ftbz8hu3VlXr4CRo1
                                                                                  MD5:FB8843F9AAD9E61E5389B18FA5AB4964
                                                                                  SHA1:1CD23EB24DC9D0AD5230AA1845F0C28D682669FB
                                                                                  SHA-256:D1E6D8B2BBFC7E85797D76A3D428A9E7D0BBD9DCFFD0000080222F9AC93EF94F
                                                                                  SHA-512:92D8B9668658B0D5C03D2B8F8B33F268C5705084663328C1DE9E748C8FE33951B485073E1672EC817220A10B5CF971CAC7D541EDC51FD0B249D8140316C3A990
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):44137
                                                                                  Entropy (8bit):6.090747766165329
                                                                                  Encrypted:false
                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMawuF9hDO6vP6O+itbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE06ftbz8hu3VlXr4CRo1
                                                                                  MD5:FB8843F9AAD9E61E5389B18FA5AB4964
                                                                                  SHA1:1CD23EB24DC9D0AD5230AA1845F0C28D682669FB
                                                                                  SHA-256:D1E6D8B2BBFC7E85797D76A3D428A9E7D0BBD9DCFFD0000080222F9AC93EF94F
                                                                                  SHA-512:92D8B9668658B0D5C03D2B8F8B33F268C5705084663328C1DE9E748C8FE33951B485073E1672EC817220A10B5CF971CAC7D541EDC51FD0B249D8140316C3A990
                                                                                  Malicious:false
                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):44137
                                                                                  Entropy (8bit):6.090747766165329
                                                                                  Encrypted:false
                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMawuF9hDO6vP6O+itbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE06ftbz8hu3VlXr4CRo1
                                                                                  MD5:FB8843F9AAD9E61E5389B18FA5AB4964
                                                                                  SHA1:1CD23EB24DC9D0AD5230AA1845F0C28D682669FB
                                                                                  SHA-256:D1E6D8B2BBFC7E85797D76A3D428A9E7D0BBD9DCFFD0000080222F9AC93EF94F
                                                                                  SHA-512:92D8B9668658B0D5C03D2B8F8B33F268C5705084663328C1DE9E748C8FE33951B485073E1672EC817220A10B5CF971CAC7D541EDC51FD0B249D8140316C3A990
                                                                                  Malicious:false
                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                                  Category:dropped
                                                                                  Size (bytes):20480
                                                                                  Entropy (8bit):0.5963118027796015
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:TLyeuAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isTydBVzQd9U9ez/qS9i:TLyXOUOq0afDdWec9sJz+Z7J5fc
                                                                                  MD5:48A6A0713B06707BC2FE9A0F381748D3
                                                                                  SHA1:043A614CFEF749A49837F19F627B9D6B73F15039
                                                                                  SHA-256:2F2006ADEA26E5FF95198883A080C9881D774154D073051FC69053AF912B037B
                                                                                  SHA-512:4C04FFAE2B558EB4C05AD9DCA094700D927AFAD1E561D6358F1A77CB09FC481A6424237DFF6AB37D147E029E19D565E876CD85A2E9C0EC1B068002AA13A16DBA
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):47
                                                                                  Entropy (8bit):4.3818353308528755
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                  MD5:48324111147DECC23AC222A361873FC5
                                                                                  SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                  SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                  SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                  Malicious:false
                                                                                  Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):35
                                                                                  Entropy (8bit):4.014438730983427
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                  MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                  SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                  SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                  SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                  Malicious:false
                                                                                  Preview:{"forceServiceDetermination":false}
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):50
                                                                                  Entropy (8bit):3.9904355005135823
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:0xXF/XctY5GUf+:0RFeUf+
                                                                                  MD5:E144AFBFB9EE10479AE2A9437D3FC9CA
                                                                                  SHA1:5AAAC173107C688C06944D746394C21535B0514B
                                                                                  SHA-256:EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
                                                                                  SHA-512:837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
                                                                                  Malicious:false
                                                                                  Preview:topTraffic_170540185939602997400506234197983529371
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):575056
                                                                                  Entropy (8bit):7.999649474060713
                                                                                  Encrypted:true
                                                                                  SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                  MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                  SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                  SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                  SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):86
                                                                                  Entropy (8bit):4.3751917412896075
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
                                                                                  MD5:16B7586B9EBA5296EA04B791FC3D675E
                                                                                  SHA1:8890767DD7EB4D1BEAB829324BA8B9599051F0B0
                                                                                  SHA-256:474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
                                                                                  SHA-512:58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
                                                                                  Malicious:false
                                                                                  Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):43055
                                                                                  Entropy (8bit):6.081422636942587
                                                                                  Encrypted:false
                                                                                  SSDEEP:768:mMGQ7FCYXGIgtDAWtJ4FogbEIhDO6vP6OlpSODFDTUCQavCAoQGoup1Xl3jVzXrv:mMGQ5XMBWogo6KavRoQhu3VlXr4s
                                                                                  MD5:3C97A4C9B3E12292FC62340126A93B55
                                                                                  SHA1:A0CBF164447FF9BCDBD8CB451634B56D412582B5
                                                                                  SHA-256:C1DAFEBEC6B9D2D871EA8902502CCE943466805E16502864F27676422DAF7082
                                                                                  SHA-512:7B3D912FB936E32503B96AB8A714741F61CD0446B0E8C091F8BD440C7A5829D26355996BE51A9FDA1D581DB4FCE8D13C82E02702F5C0A1E6A32A383E41189F01
                                                                                  Malicious:false
                                                                                  Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):43055
                                                                                  Entropy (8bit):6.081419491859314
                                                                                  Encrypted:false
                                                                                  SSDEEP:768:mMGQ7FCYXGIgtDAWtJ4F9gbEIhDO6vP6OlpSODFDTUCQavCAoQGoup1Xl3jVzXrv:mMGQ5XMBW9go6KavRoQhu3VlXr4s
                                                                                  MD5:DB1993718E0F78AFF55506FAB62ED91D
                                                                                  SHA1:388F5FC01C04AEBAD696F518D4864316B5F1040E
                                                                                  SHA-256:3F916E3E52C2048AE4BB865F12BBFE93D79C4BF65F08A5CECC87FFD6F2E6F637
                                                                                  SHA-512:B138037CBA4EBB1B4D995876816055973650A86D9619E01454BC72344EDC57115907466751B83A3CA34F94708DD03F9AB61C5660A6C9F287B5EE54A86DFBC409
                                                                                  Malicious:false
                                                                                  Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):2278
                                                                                  Entropy (8bit):3.838241376918877
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:uiTrlKxrgxixl9Il8uGMiZVgcAR+N6dNl5c7sd1rc:mrYgMiZGcAoNGNl5c7L
                                                                                  MD5:6E6802F491FFF88BE3E0B5E76B7E2821
                                                                                  SHA1:72DFFE442D64FC1DAD6AF35998E53CBBE2026042
                                                                                  SHA-256:738E923CF5F10918A24754E82B4A7A946BA199E390F18830FD3BE6F4CE9113B6
                                                                                  SHA-512:3FF91C28ED0A3305FF63ED361A63DFFB5D38000C015282D4B78224A24162A534687A6175092618A0708B02148DA9957A72F42D39FF570920E834F9C28F666677
                                                                                  Malicious:false
                                                                                  Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.K.C.u.B.l.3./.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.C.c.v.d.M.J.
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):4622
                                                                                  Entropy (8bit):3.996633796991221
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:G6YgMG0yvxstOvtP8gAICG/LPheSo2OBb0:7V+yvxsYvtUFa/xo2AQ
                                                                                  MD5:ED28D6A60629FD07F709DE8B4B527F60
                                                                                  SHA1:AAC334AA2611965DE3116B0FF4C48C427CECDA8F
                                                                                  SHA-256:D28E71A04413CE2B7FEEEB281F0CB2313265C131F9DE132BC79667097B56030A
                                                                                  SHA-512:825B3C218C2E576BAF8BB486A54A62CD5689EFD41F2DFE6D72A58361B95175B80B01ABF3A53589086CCFF9E1901842D5841187942B48993869B35146F30FEB88
                                                                                  Malicious:false
                                                                                  Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".5.P.V.8.7.F.T./.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.C.c.v.d.M.J.
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:very short file (no magic)
                                                                                  Category:dropped
                                                                                  Size (bytes):1
                                                                                  Entropy (8bit):0.0
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:L:L
                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                  Malicious:false
                                                                                  Preview:.
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41900
                                                                                  Category:dropped
                                                                                  Size (bytes):76321
                                                                                  Entropy (8bit):7.996057445951542
                                                                                  Encrypted:true
                                                                                  SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iys3BBrYunau6wpGzxue:GdS8scZNzFrMa4M+lK5/nXexue
                                                                                  MD5:D7A1AC56ED4F4D17DD0524C88892C56D
                                                                                  SHA1:4153CA1A9A4FD0F781ECD5BA9D2A1E68C760ECD4
                                                                                  SHA-256:0A29576C4002D863B0C5AE7A0B36C0BBEB0FB9AFD16B008451D4142C07E1FF2B
                                                                                  SHA-512:31503F2F6831070E887EA104296E17EE755BB6BBFB1EF2A15371534BFA2D3F0CD53862389625CF498754B071885A53E1A7F82A3546275DB1F4588E0E80BF7BEE
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:Google Chrome extension, version 3
                                                                                  Category:dropped
                                                                                  Size (bytes):11185
                                                                                  Entropy (8bit):7.951995436832936
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                  MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                  SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                  SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                  SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 693862
                                                                                  Category:dropped
                                                                                  Size (bytes):524851
                                                                                  Entropy (8bit):7.998175170174737
                                                                                  Encrypted:true
                                                                                  SSDEEP:12288:OjaIfacGDwmyu0bCD7gSMefMn/9mf+x4AsLXZ+E70G+G7:OjaICAmx14b/O+x4AsLXZbxd7
                                                                                  MD5:CBC3043AEFA20F4E725AEB61A24037F2
                                                                                  SHA1:B9E6BA5B7F2E0DD3E774713BC31364E6261DE396
                                                                                  SHA-256:55B4E998F8C75894F1E8B5C90231DB61290F5FAE97C912489A2C17B161767F06
                                                                                  SHA-512:C8F05203F5047592375D7BFF83DA2C655F9B69D8F813FE9BDCA361DB0B54F62CF2774AB41346997CA3B9D232F4353DC6E474F53C31D9CD0AC53903D79D16667F
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:very short file (no magic)
                                                                                  Category:dropped
                                                                                  Size (bytes):1
                                                                                  Entropy (8bit):0.0
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:L:L
                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                  Malicious:false
                                                                                  Preview:.
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:Google Chrome extension, version 3
                                                                                  Category:dropped
                                                                                  Size (bytes):135751
                                                                                  Entropy (8bit):7.804610863392373
                                                                                  Encrypted:false
                                                                                  SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                                                  MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                                                  SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                                                  SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                                                  SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                  Category:dropped
                                                                                  Size (bytes):206855
                                                                                  Entropy (8bit):7.983996634657522
                                                                                  Encrypted:false
                                                                                  SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                                                                                  MD5:788DF0376CE061534448AA17288FEA95
                                                                                  SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                                                                                  SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                                                                                  SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):2110
                                                                                  Entropy (8bit):5.409853381272748
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:Yzj57SnaJ57H57Uv5W1Sj5W175zuR5z+5zn071eDJk5c1903bj5jJp0gcU854Rr/:8e2Fa116uCntc5toYKxM
                                                                                  MD5:3AEDF8CC6B6EBFDA815D58DA27A29719
                                                                                  SHA1:8424F2A042CDE2773D9BF4A1527DECC651E3BCE9
                                                                                  SHA-256:85188E1DF68A183EC0C8B0FD573166D2D7F71ED28D1B1B74B1D6F0D0CDE0577C
                                                                                  SHA-512:5ABEB8B6FD6C53A8B0D2B755F2D059841B91A5ACB36B35A09693C5B66AB0201D05DA2B115DD0E60098C2AACC028FF0EDCB91291A056760CE15D4C96CE330E35C
                                                                                  Malicious:false
                                                                                  Preview:{"logTime": "1004/133448", "correlationVector":"vYS73lRT+EoO2Owh9jsc+Y","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"n/KhuHPhHmYXokB31+JZz7","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"fclQx26bUZO07waFEDe6Fn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"0757l0tkKt37vNrdCKAm8w","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"uTRRkmbbqkgK/wPBCS4fct","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"2DrXipL1ngF91RN7IemK0e","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"d0GyjEgnW85fvDIojHVIXI","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"PvfzGWRutB/kmuXUK+c8XA","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"29CB75FBC4C942E0817A1F7A0E2CF647
                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                  Category:dropped
                                                                                  Size (bytes):32768
                                                                                  Entropy (8bit):0.4593089050301797
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                  MD5:D910AD167F0217587501FDCDB33CC544
                                                                                  SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                  SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                  SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                  Malicious:false
                                                                                  Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:Google Chrome extension, version 3
                                                                                  Category:dropped
                                                                                  Size (bytes):11185
                                                                                  Entropy (8bit):7.951995436832936
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                  MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                  SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                  SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                  SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1753
                                                                                  Entropy (8bit):5.8889033066924155
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                  MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                  SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                  SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                  SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                  Malicious:false
                                                                                  Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "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",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):9815
                                                                                  Entropy (8bit):6.1716321262973315
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                  MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                  SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                  SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                  SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                  Malicious:false
                                                                                  Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):10388
                                                                                  Entropy (8bit):6.174387413738973
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                  MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                  SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                  SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                  SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                  Malicious:false
                                                                                  Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):962
                                                                                  Entropy (8bit):5.698567446030411
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                  MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                  SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                  SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                  SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                  Malicious:false
                                                                                  Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:Google Chrome extension, version 3
                                                                                  Category:dropped
                                                                                  Size (bytes):135751
                                                                                  Entropy (8bit):7.804610863392373
                                                                                  Encrypted:false
                                                                                  SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                                                  MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                                                  SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                                                  SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                                                  SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                  Category:dropped
                                                                                  Size (bytes):4982
                                                                                  Entropy (8bit):7.929761711048726
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                  MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                  SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                  SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                  SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):908
                                                                                  Entropy (8bit):4.512512697156616
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                  MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                  SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                  SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                  SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1285
                                                                                  Entropy (8bit):4.702209356847184
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                  MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                  SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                  SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                  SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1244
                                                                                  Entropy (8bit):4.5533961615623735
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                  MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                  SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                  SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                  SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):977
                                                                                  Entropy (8bit):4.867640976960053
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                  MD5:9A798FD298008074E59ECC253E2F2933
                                                                                  SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                  SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                  SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):3107
                                                                                  Entropy (8bit):3.535189746470889
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                  MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                  SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                  SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                  SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                  Malicious:false
                                                                                  Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1389
                                                                                  Entropy (8bit):4.561317517930672
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                  MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                  SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                  SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                  SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1763
                                                                                  Entropy (8bit):4.25392954144533
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                                  MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                                  SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                                  SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                                  SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):930
                                                                                  Entropy (8bit):4.569672473374877
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                                                  MD5:D177261FFE5F8AB4B3796D26835F8331
                                                                                  SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                                                  SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                                                  SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):913
                                                                                  Entropy (8bit):4.947221919047
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                                                  MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                                                  SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                                                  SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                                                  SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):806
                                                                                  Entropy (8bit):4.815663786215102
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                                                  MD5:A86407C6F20818972B80B9384ACFBBED
                                                                                  SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                                                  SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                                                  SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                                                  Malicious:false
                                                                                  Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):883
                                                                                  Entropy (8bit):4.5096240460083905
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                                  MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                                  SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                                  SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                                  SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1031
                                                                                  Entropy (8bit):4.621865814402898
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                                  MD5:D116453277CC860D196887CEC6432FFE
                                                                                  SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                                  SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                                  SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1613
                                                                                  Entropy (8bit):4.618182455684241
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                  MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                  SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                  SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                  SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):851
                                                                                  Entropy (8bit):4.4858053753176526
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                  MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                  SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                  SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                  SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):851
                                                                                  Entropy (8bit):4.4858053753176526
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                  MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                  SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                  SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                  SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):848
                                                                                  Entropy (8bit):4.494568170878587
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                  MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                  SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                  SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                  SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1425
                                                                                  Entropy (8bit):4.461560329690825
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                  MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                  SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                  SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                  SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                  Malicious:false
                                                                                  Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):961
                                                                                  Entropy (8bit):4.537633413451255
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                  MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                  SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                  SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                  SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):959
                                                                                  Entropy (8bit):4.570019855018913
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                  MD5:535331F8FB98894877811B14994FEA9D
                                                                                  SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                  SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                  SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):968
                                                                                  Entropy (8bit):4.633956349931516
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                                  MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                                  SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                                  SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                                  SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):838
                                                                                  Entropy (8bit):4.4975520913636595
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                                  MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                                  SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                                  SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                                  SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                                  Malicious:false
                                                                                  Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1305
                                                                                  Entropy (8bit):4.673517697192589
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                                  MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                                  SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                                  SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                                  SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):911
                                                                                  Entropy (8bit):4.6294343834070935
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                                  MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                                  SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                                  SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                                  SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):939
                                                                                  Entropy (8bit):4.451724169062555
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                                  MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                                  SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                                  SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                                  SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):977
                                                                                  Entropy (8bit):4.622066056638277
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                                  MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                                  SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                                  SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                                  SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):972
                                                                                  Entropy (8bit):4.621319511196614
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                                  MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                                  SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                                  SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                                  SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):990
                                                                                  Entropy (8bit):4.497202347098541
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                                  MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                                  SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                                  SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                                  SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1658
                                                                                  Entropy (8bit):4.294833932445159
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                                  MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                                  SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                                  SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                                  SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1672
                                                                                  Entropy (8bit):4.314484457325167
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                                  MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                                  SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                                  SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                                  SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):935
                                                                                  Entropy (8bit):4.6369398601609735
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                                  MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                                  SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                                  SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                                  SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1065
                                                                                  Entropy (8bit):4.816501737523951
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                                  MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                                  SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                                  SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                                  SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):2771
                                                                                  Entropy (8bit):3.7629875118570055
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                  MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                  SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                  SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                  SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):858
                                                                                  Entropy (8bit):4.474411340525479
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                                  MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                                  SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                                  SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                                  SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):954
                                                                                  Entropy (8bit):4.631887382471946
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:YGXU2rOcxGe+J97f9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95MwP9KkJ+je:YwBrD2J2DBLMfFuWvdpY94vioO+uh
                                                                                  MD5:1F565FB1C549B18AF8BBFED8DECD5D94
                                                                                  SHA1:B57F4BDAE06FF3DFC1EB3E56B6F2F204D6F63638
                                                                                  SHA-256:E16325D1A641EF7421F2BAFCD6433D53543C89D498DD96419B03CBA60B9C7D60
                                                                                  SHA-512:A60B8E042A9BCDCC136B87948E9924A0B24D67C6CA9803904B876F162A0AD82B9619F1316BE9FF107DD143B44F7E6F5DF604ABFE00818DEB40A7D62917CDA69F
                                                                                  Malicious:false
                                                                                  Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):899
                                                                                  Entropy (8bit):4.474743599345443
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                  MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                  SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                  SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                  SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):2230
                                                                                  Entropy (8bit):3.8239097369647634
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                  MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                  SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                  SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                  SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1160
                                                                                  Entropy (8bit):5.292894989863142
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                  MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                  SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                  SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                  SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):3264
                                                                                  Entropy (8bit):3.586016059431306
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                                  MD5:83F81D30913DC4344573D7A58BD20D85
                                                                                  SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                                  SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                                  SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):3235
                                                                                  Entropy (8bit):3.6081439490236464
                                                                                  Encrypted:false
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):3122
                                                                                  Entropy (8bit):3.891443295908904
                                                                                  Encrypted:false
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1880
                                                                                  Entropy (8bit):4.295185867329351
                                                                                  Encrypted:false
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1042
                                                                                  Entropy (8bit):5.3945675025513955
                                                                                  Encrypted:false
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):2535
                                                                                  Entropy (8bit):3.8479764584971368
                                                                                  Encrypted:false
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1028
                                                                                  Entropy (8bit):4.797571191712988
                                                                                  Encrypted:false
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):994
                                                                                  Entropy (8bit):4.700308832360794
                                                                                  Encrypted:false
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):2091
                                                                                  Entropy (8bit):4.358252286391144
                                                                                  Encrypted:false
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):2778
                                                                                  Entropy (8bit):3.595196082412897
                                                                                  Encrypted:false
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1719
                                                                                  Entropy (8bit):4.287702203591075
                                                                                  Encrypted:false
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):936
                                                                                  Entropy (8bit):4.457879437756106
                                                                                  Encrypted:false
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):3830
                                                                                  Entropy (8bit):3.5483353063347587
                                                                                  Encrypted:false
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1898
                                                                                  Entropy (8bit):4.187050294267571
                                                                                  Encrypted:false
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):914
                                                                                  Entropy (8bit):4.513485418448461
                                                                                  Encrypted:false
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):878
                                                                                  Entropy (8bit):4.4541485835627475
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                  MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                  SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                  SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                  SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):2766
                                                                                  Entropy (8bit):3.839730779948262
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                  MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                  SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                  SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                  SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                  Malicious:false
                                                                                  Preview:{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):978
                                                                                  Entropy (8bit):4.879137540019932
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                  MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                  SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                  SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                  SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):907
                                                                                  Entropy (8bit):4.599411354657937
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                  MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                  SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                  SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                  SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):914
                                                                                  Entropy (8bit):4.604761241355716
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                  MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                  SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                  SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                  SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):937
                                                                                  Entropy (8bit):4.686555713975264
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                  MD5:BED8332AB788098D276B448EC2B33351
                                                                                  SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                  SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                  SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1337
                                                                                  Entropy (8bit):4.69531415794894
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                  MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                  SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                  SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                  SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):2846
                                                                                  Entropy (8bit):3.7416822879702547
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                  MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                  SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                  SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                  SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                  Malicious:false
                                                                                  Preview:{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):934
                                                                                  Entropy (8bit):4.882122893545996
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                  MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                  SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                  SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                  SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):963
                                                                                  Entropy (8bit):4.6041913416245
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                  MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                  SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                  SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                  SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1320
                                                                                  Entropy (8bit):4.569671329405572
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                                  MD5:7F5F8933D2D078618496C67526A2B066
                                                                                  SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                                  SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                                  SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):884
                                                                                  Entropy (8bit):4.627108704340797
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                                  MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                                  SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                                  SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                                  SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):980
                                                                                  Entropy (8bit):4.50673686618174
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                                  MD5:D0579209686889E079D87C23817EDDD5
                                                                                  SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                                  SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                                  SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1941
                                                                                  Entropy (8bit):4.132139619026436
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                                                  MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                                                  SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                                                  SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                                                  SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1969
                                                                                  Entropy (8bit):4.327258153043599
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                                  MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                                  SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                                  SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                                  SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1674
                                                                                  Entropy (8bit):4.343724179386811
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                                                  MD5:64077E3D186E585A8BEA86FF415AA19D
                                                                                  SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                                                  SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                                                  SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1063
                                                                                  Entropy (8bit):4.853399816115876
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                                                  MD5:76B59AAACC7B469792694CF3855D3F4C
                                                                                  SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                                                  SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                                                  SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1333
                                                                                  Entropy (8bit):4.686760246306605
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                                                  MD5:970963C25C2CEF16BB6F60952E103105
                                                                                  SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                                                  SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                                                  SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1263
                                                                                  Entropy (8bit):4.861856182762435
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                                  MD5:8B4DF6A9281333341C939C244DDB7648
                                                                                  SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                                  SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                                  SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1074
                                                                                  Entropy (8bit):5.062722522759407
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                                  MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                                  SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                                  SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                                  SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):879
                                                                                  Entropy (8bit):5.7905809868505544
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                                  MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                                  SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                                  SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                                  SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1205
                                                                                  Entropy (8bit):4.50367724745418
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                  MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                  SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                  SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                  SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                  Malicious:false
                                                                                  Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):843
                                                                                  Entropy (8bit):5.76581227215314
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                  MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                  SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                  SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                  SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                  Malicious:false
                                                                                  Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):912
                                                                                  Entropy (8bit):4.65963951143349
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                  MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                  SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                  SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                  SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                  Malicious:false
                                                                                  Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):11280
                                                                                  Entropy (8bit):5.754230909218899
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsN9Jtwg1MK8HNnswuHEIIMuuqd7CKqv+pccW5SJ+:m8IGIEu8RfW+
                                                                                  MD5:BE5DB35513DDEF454CE3502B6418B9B4
                                                                                  SHA1:C82B23A82F745705AA6BCBBEFEB6CE3DBCC71CB1
                                                                                  SHA-256:C6F623BE1112C2FDE6BE8941848A82B2292FCD2B475FBD363CC2FD4DF25049B5
                                                                                  SHA-512:38C48E67631FAF0594D44525423C6EDC08F5A65F04288F0569B7CF8C71C359924069212462B0A2BFA38356F93708143EE1CBD42295D7317E8670D0A0CD10BAFD
                                                                                  Malicious:false
                                                                                  Preview:[{"description":"treehash per file","signed_content":{"payload":"
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):854
                                                                                  Entropy (8bit):4.284628987131403
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                  MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                  SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                  SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                  SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                  Malicious:false
                                                                                  Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):2525
                                                                                  Entropy (8bit):5.417689528134667
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1e9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APegiVb
                                                                                  MD5:10FF8E5B674311683D27CE1879384954
                                                                                  SHA1:9C269C14E067BB86642EB9F4816D75CF1B9B9158
                                                                                  SHA-256:17363162A321625358255EE939F447E9363FF2284BD35AE15470FD5318132CA9
                                                                                  SHA-512:4D3EB89D398A595FEA8B59AC6269A57CC96C4A0E5A5DB8C5FE70AB762E8144A5DF9AFC8756CA2E798E50778CD817CC9B0826FC2942DE31397E858DBFA1B06830
                                                                                  Malicious:false
                                                                                  Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:HTML document, ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):97
                                                                                  Entropy (8bit):4.862433271815736
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                  MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                  SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                  SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                  SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                  Malicious:false
                                                                                  Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text, with very long lines (4369)
                                                                                  Category:dropped
                                                                                  Size (bytes):95567
                                                                                  Entropy (8bit):5.4016395763198135
                                                                                  Encrypted:false
                                                                                  SSDEEP:1536:Ftd/mjDC/Hass/jCKLwPOPO2MCeYHxU2/NjAGHChg3JOzZ8:YfjCKdHm2/NbHCIJo8
                                                                                  MD5:09AF2D8CFA8BF1078101DA78D09C4174
                                                                                  SHA1:F2369551E2CDD86258062BEB0729EE4D93FCA050
                                                                                  SHA-256:39D113C44D45AE3609B9509ED099680CC5FCEF182FD9745B303A76E164D8BCEC
                                                                                  SHA-512:F791434B053FA2A5B731C60F22A4579F19FE741134EF0146E8BAC7DECAC78DE65915B3188093DBBE00F389A7F15B80172053FABB64E636DD4A945DBE3C2CF2E6
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):291
                                                                                  Entropy (8bit):4.65176400421739
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                  MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                  SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                  SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                  SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                  Malicious:false
                                                                                  Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  File Type:ASCII text, with very long lines (4369)
                                                                                  Category:dropped
                                                                                  Size (bytes):103988
                                                                                  Entropy (8bit):5.389407461078688
                                                                                  Encrypted:false
                                                                                  SSDEEP:1536:oXWJmOMsz9UqqRtjWLqj74SJf2VsxJ5BGOzr61SfwKmWGMJOaAFlObQ/x0BGm:yRqr6v3JnVzr6wwfMtkFSYm
                                                                                  MD5:EA946F110850F17E637B15CF22B82837
                                                                                  SHA1:8D27C963E76E3D2F5B8634EE66706F95F000FCAF
                                                                                  SHA-256:029DFE87536E8907A612900B26EEAA72C63EDF28458A7227B295AE6D4E2BD94C
                                                                                  SHA-512:5E8E61E648740FEF2E89A035A4349B2E4E5E4E88150EE1BDA9D4AD8D75827DC67C1C95A2CA41DF5B89DE8F575714E1A4D23BDE2DC3CF21D55DB3A39907B8F820
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                  Category:dropped
                                                                                  Size (bytes):453023
                                                                                  Entropy (8bit):7.997718157581587
                                                                                  Encrypted:true
                                                                                  SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                                  MD5:85430BAED3398695717B0263807CF97C
                                                                                  SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                                  SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                                  SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):24
                                                                                  Entropy (8bit):3.91829583405449
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                  MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                  SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                  SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                  SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                  Malicious:false
                                                                                  Preview:{"schema":6,"addons":[]}
                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                  Category:dropped
                                                                                  Size (bytes):66
                                                                                  Entropy (8bit):4.837595020998689
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                  MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                  SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                  SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                  SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                  Malicious:false
                                                                                  Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):36830
                                                                                  Entropy (8bit):5.1867463390487
                                                                                  Encrypted:false
                                                                                  SSDEEP:768:JI4avfWX94O6L4x4ME454N4ohvM4T4Pia4T4I4t54U:JI4KvG
                                                                                  MD5:98875950B62B398FFE70C0A8D0998017
                                                                                  SHA1:CFCFFF938402E53D341FE392E25D2E6C557E548F
                                                                                  SHA-256:1B445C7E12712026D4E663426527CE58FD221D2E26545AEA699E67D60F16E7F0
                                                                                  SHA-512:728FF6FF915A45B44D720F41F9545F41F1BF5FB218D58073BD27DB19145D2225488988BE80FB0F712922D7B661E1A64448E3F71F09A1480B6F20BD2480888ABF
                                                                                  Malicious:false
                                                                                  Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{7a5650ac-9a89-4807-a040-9f0832bf39a9}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):1021904
                                                                                  Entropy (8bit):6.648417932394748
                                                                                  Encrypted:false
                                                                                  SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                  MD5:FE3355639648C417E8307C6D051E3E37
                                                                                  SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                  SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                  SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Joe Sandbox View:
                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):116
                                                                                  Entropy (8bit):4.968220104601006
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                  MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                  SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                  SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                  SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                  Malicious:false
                                                                                  Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):11225
                                                                                  Entropy (8bit):5.510624101397631
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:nnPOeRnHYbBp6RJ0aX+96SEXKlakHWNBw8rFSl:PPegJUk4fHEwY0
                                                                                  MD5:809CC9DD0AA73FD3246D44C20BAC1CBA
                                                                                  SHA1:FAF6F7A09FBE928A50A0E799BC24E5FFEA15A290
                                                                                  SHA-256:1720A07B90CD0EBD06CEE417CC487C06B44AEE12BC51A6460C5A23D4D0441EB9
                                                                                  SHA-512:B54A5620E1EB76FA05DF97C58BBCD958142D5BC77DE5B43A2CAADFF116C5D71C50CEB3BFF0A2604063A6112BCA7D064CEF31B3D40E7E54CA42E2DD762073F314
                                                                                  Malicious:false
                                                                                  Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 1);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1725520318);..user_pref("app.update.lastUpdateTime.background-update-timer", 1725520318);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..u
                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):493
                                                                                  Entropy (8bit):4.964337916933625
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:YZFgIe6gRHJWIVHlW8cOlZGV1AQIYzvZcyBuLZGAvxn:YJWRYSlCOlZGV1AQIWZcy6ZXvx
                                                                                  MD5:A80A7D9206C2145EC3F074D6DCB93285
                                                                                  SHA1:044818FB58F39A5B41A55049A96147AA1D910D9B
                                                                                  SHA-256:78021F26AD7357780470DF5506E23583BF25146C2BC9B9CE614E941430639359
                                                                                  SHA-512:1E383B2933DDCC8E0CF60EBE00388658CA7D2961EE5F852F5962A09006F92FCA7D7932910C9DEE734F77C18A5C62693D1CB6391A05312E45E1DE2E71F5AEBDF4
                                                                                  Malicious:false
                                                                                  Preview:{"type":"health","id":"be317e0f-7a76-4e32-90c3-3ec18c407563","creationDate":"2024-09-05T07:12:26.559Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95"}
                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  File Type:JSON data
                                                                                  Category:modified
                                                                                  Size (bytes):493
                                                                                  Entropy (8bit):4.964337916933625
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:YZFgIe6gRHJWIVHlW8cOlZGV1AQIYzvZcyBuLZGAvxn:YJWRYSlCOlZGV1AQIWZcy6ZXvx
                                                                                  MD5:A80A7D9206C2145EC3F074D6DCB93285
                                                                                  SHA1:044818FB58F39A5B41A55049A96147AA1D910D9B
                                                                                  SHA-256:78021F26AD7357780470DF5506E23583BF25146C2BC9B9CE614E941430639359
                                                                                  SHA-512:1E383B2933DDCC8E0CF60EBE00388658CA7D2961EE5F852F5962A09006F92FCA7D7932910C9DEE734F77C18A5C62693D1CB6391A05312E45E1DE2E71F5AEBDF4
                                                                                  Malicious:false
                                                                                  Preview:{"type":"health","id":"be317e0f-7a76-4e32-90c3-3ec18c407563","creationDate":"2024-09-05T07:12:26.559Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95"}
                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):53
                                                                                  Entropy (8bit):4.136624295551173
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AY:Y9KQOy6Lb1BA+9
                                                                                  MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
                                                                                  SHA1:B43BC4B3EA206A02EF8F63D5BFAD0C96BF2A3B2A
                                                                                  SHA-256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
                                                                                  SHA-512:076EE83534F42563046D25086166F82E1A3EC61840C113AEC67ABE2D8195DAA247D827D0C54E7E8F8A1BBF2D082A3763577587E84342EC160FF97905243E6D19
                                                                                  Malicious:false
                                                                                  Preview:{"profile-after-change":true,"final-ui-startup":true}
                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  File Type:Mozilla lz4 compressed data, originally 301 bytes
                                                                                  Category:dropped
                                                                                  Size (bytes):272
                                                                                  Entropy (8bit):5.486199133118079
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:vXDvz2SzHs/udk+eDAWrZCMNRoGO/QqC5mcfnK3S0ExaWJltVh3zNNzdDdCQ:vLz2S+EWDDoWqC5mcPK32xzlh3Bd9
                                                                                  MD5:6E2C53AFFBB796DD6C8D19313827D6C3
                                                                                  SHA1:C658A7CEE36AC641C6877599F138D9F52549B222
                                                                                  SHA-256:BADE522D2B61E7396B58BA7A2824E7A1B51B0F76291B4CF001C74F10B89E96D3
                                                                                  SHA-512:FB5F8518DB276E7BCFA2CBFB1FB4405786BBE1C513D03568CD08D5818BD0E331D7706ED593A23AB418C2F661A7360BCD985429FD7BC07F74FCAE1507C79E0B4A
                                                                                  Malicious:false
                                                                                  Preview:mozLz40.-.....{"version":["ses....restore",1],"windows":[{"tab....],"selected":0,"_closedT..d_lastC...&GroupCount":-1,"busy":false,"chromeFlags":2150633470}d..W..5":1j..........@":{"w...Update":1725520304633,"startTim...$284651,"recentCrashes":0},"global":{},"cookies":[]}
                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                  Entropy (8bit):6.579570421769442
                                                                                  TrID:
                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                  File name:file.exe
                                                                                  File size:917'504 bytes
                                                                                  MD5:b4a9996ec8d5882c8f42789ef25e16db
                                                                                  SHA1:e04944a9991a0dbff3d5e0c338ccb500ed15041f
                                                                                  SHA256:9d1074158889499aaec70b85fe6c4841dcc8ce54be9aef57282ad3f3d238c63c
                                                                                  SHA512:a9533304a6f26eff8c05b059c0e17e35a50c30e460cdd1e31486b11f4f6fdaa56175c225c18b706e0c58cfe14c48ce167bb3ee489dff500976cfc852732fa5fe
                                                                                  SSDEEP:12288:5qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgarTd:5qDEvCTbMWu7rQYlBQcBiT6rprG8avd
                                                                                  TLSH:7F159E0273D1C062FF9B92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                                                                                  File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                                  Icon Hash:aaf3e3e3938382a0
                                                                                  Entrypoint:0x420577
                                                                                  Entrypoint Section:.text
                                                                                  Digitally signed:false
                                                                                  Imagebase:0x400000
                                                                                  Subsystem:windows gui
                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                  DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                  Time Stamp:0x66D93943 [Thu Sep 5 04:53:23 2024 UTC]
                                                                                  TLS Callbacks:
                                                                                  CLR (.Net) Version:
                                                                                  OS Version Major:5
                                                                                  OS Version Minor:1
                                                                                  File Version Major:5
                                                                                  File Version Minor:1
                                                                                  Subsystem Version Major:5
                                                                                  Subsystem Version Minor:1
                                                                                  Import Hash:948cc502fe9226992dce9417f952fce3
                                                                                  Instruction
                                                                                  call 00007FB6B5109703h
                                                                                  jmp 00007FB6B510900Fh
                                                                                  push ebp
                                                                                  mov ebp, esp
                                                                                  push esi
                                                                                  push dword ptr [ebp+08h]
                                                                                  mov esi, ecx
                                                                                  call 00007FB6B51091EDh
                                                                                  mov dword ptr [esi], 0049FDF0h
                                                                                  mov eax, esi
                                                                                  pop esi
                                                                                  pop ebp
                                                                                  retn 0004h
                                                                                  and dword ptr [ecx+04h], 00000000h
                                                                                  mov eax, ecx
                                                                                  and dword ptr [ecx+08h], 00000000h
                                                                                  mov dword ptr [ecx+04h], 0049FDF8h
                                                                                  mov dword ptr [ecx], 0049FDF0h
                                                                                  ret
                                                                                  push ebp
                                                                                  mov ebp, esp
                                                                                  push esi
                                                                                  push dword ptr [ebp+08h]
                                                                                  mov esi, ecx
                                                                                  call 00007FB6B51091BAh
                                                                                  mov dword ptr [esi], 0049FE0Ch
                                                                                  mov eax, esi
                                                                                  pop esi
                                                                                  pop ebp
                                                                                  retn 0004h
                                                                                  and dword ptr [ecx+04h], 00000000h
                                                                                  mov eax, ecx
                                                                                  and dword ptr [ecx+08h], 00000000h
                                                                                  mov dword ptr [ecx+04h], 0049FE14h
                                                                                  mov dword ptr [ecx], 0049FE0Ch
                                                                                  ret
                                                                                  push ebp
                                                                                  mov ebp, esp
                                                                                  push esi
                                                                                  mov esi, ecx
                                                                                  lea eax, dword ptr [esi+04h]
                                                                                  mov dword ptr [esi], 0049FDD0h
                                                                                  and dword ptr [eax], 00000000h
                                                                                  and dword ptr [eax+04h], 00000000h
                                                                                  push eax
                                                                                  mov eax, dword ptr [ebp+08h]
                                                                                  add eax, 04h
                                                                                  push eax
                                                                                  call 00007FB6B510BDADh
                                                                                  pop ecx
                                                                                  pop ecx
                                                                                  mov eax, esi
                                                                                  pop esi
                                                                                  pop ebp
                                                                                  retn 0004h
                                                                                  lea eax, dword ptr [ecx+04h]
                                                                                  mov dword ptr [ecx], 0049FDD0h
                                                                                  push eax
                                                                                  call 00007FB6B510BDF8h
                                                                                  pop ecx
                                                                                  ret
                                                                                  push ebp
                                                                                  mov ebp, esp
                                                                                  push esi
                                                                                  mov esi, ecx
                                                                                  lea eax, dword ptr [esi+04h]
                                                                                  mov dword ptr [esi], 0049FDD0h
                                                                                  push eax
                                                                                  call 00007FB6B510BDE1h
                                                                                  test byte ptr [ebp+08h], 00000001h
                                                                                  pop ecx
                                                                                  Programming Language:
                                                                                  • [ C ] VS2008 SP1 build 30729
                                                                                  • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x9500 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x9500 | 0x9600 | 473bb5686b01542c40bce05ddcc9a2fd | False | 0.28109375 | data | 5.160951795931208 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xde000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0x7c6 | data | | | 1.0055276381909548
RT_GROUP_ICON | 0xdcf80 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xdcff8 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xdd00c | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xdd020 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xdd034 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xdd110 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                  Sep 5, 2024 07:30:00.012737989 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.012743950 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.018942118 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.018994093 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.019000053 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.025226116 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.025273085 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.025285959 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.031070948 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.031176090 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.031181097 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.036865950 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.036911011 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.036916018 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.042735100 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.042857885 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.042861938 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.048820019 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.048863888 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.048868895 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.053534985 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.053623915 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.053630114 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.058604002 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.058696032 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.058701038 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.064096928 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.064147949 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.064153910 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.069494963 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.069544077 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.069550037 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.073380947 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.073440075 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.073446035 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.077419996 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.077476025 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.077481985 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.080988884 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.081046104 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.081052065 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.084626913 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.084677935 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.084691048 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.088057995 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.088135958 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.088144064 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.091500044 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.091556072 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.091564894 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.095004082 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.095043898 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.095053911 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.098737955 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.098843098 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.098855019 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.101910114 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.103447914 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.103461981 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.105420113 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.107408047 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.107417107 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.108875036 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.109438896 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.109447002 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.112437010 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.112478018 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.112488985 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.115811110 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.115933895 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.115947962 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.119398117 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.119448900 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.119457006 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.131795883 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.131829023 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.131860018 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.131881952 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.131886959 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.131896973 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.131932974 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.131952047 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.132076025 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.133138895 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.135709047 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.135718107 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.136645079 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.137662888 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.137670040 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.139939070 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.143254042 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.143284082 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.143326998 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.143337011 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.143362999 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.147732019 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.148150921 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.148155928 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.149396896 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.149477959 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.149485111 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.152920008 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.152951956 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.152997971 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.153004885 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.153050900 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.155615091 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.155801058 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.155855894 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.155941010 CEST49722443192.168.2.5142.250.186.129
                                                                                  Sep 5, 2024 07:30:00.155958891 CEST44349722142.250.186.129192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.885740042 CEST49731443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:00.885761023 CEST44349731162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.885831118 CEST49731443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:00.885996103 CEST49732443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:00.886009932 CEST44349732162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.886183023 CEST49732443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:00.886404037 CEST49731443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:00.886414051 CEST44349731162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.886467934 CEST49732443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:00.886478901 CEST44349732162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.997991085 CEST49734443192.168.2.5172.64.41.3
                                                                                  Sep 5, 2024 07:30:00.997998953 CEST44349734172.64.41.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:00.998087883 CEST49734443192.168.2.5172.64.41.3
                                                                                  Sep 5, 2024 07:30:01.000727892 CEST49734443192.168.2.5172.64.41.3
                                                                                  Sep 5, 2024 07:30:01.000735998 CEST44349734172.64.41.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.345189095 CEST4434970323.1.237.91192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.346299887 CEST49703443192.168.2.523.1.237.91
                                                                                  Sep 5, 2024 07:30:01.348170996 CEST44349732162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.348747015 CEST49732443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:01.348768950 CEST44349732162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.349591970 CEST44349731162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.349805117 CEST44349732162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.349900961 CEST49731443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:01.349909067 CEST44349731162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.349941015 CEST49732443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:01.350928068 CEST49732443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:01.350929976 CEST44349731162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.350981951 CEST44349732162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.351098061 CEST49732443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:01.351223946 CEST49731443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:01.351991892 CEST49731443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:01.352057934 CEST44349731162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.352071047 CEST49731443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:01.391345978 CEST49732443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:01.391352892 CEST44349732162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.391422033 CEST49731443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:01.391428947 CEST44349731162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.412086010 CEST49737443192.168.2.5184.28.90.27
                                                                                  Sep 5, 2024 07:30:01.412111998 CEST44349737184.28.90.27192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.412178993 CEST49737443192.168.2.5184.28.90.27
                                                                                  Sep 5, 2024 07:30:01.415802956 CEST49737443192.168.2.5184.28.90.27
                                                                                  Sep 5, 2024 07:30:01.415817022 CEST44349737184.28.90.27192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.442647934 CEST49738443192.168.2.513.107.246.51
                                                                                  Sep 5, 2024 07:30:01.442693949 CEST4434973813.107.246.51192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.445034981 CEST49738443192.168.2.513.107.246.51
                                                                                  Sep 5, 2024 07:30:01.455096960 CEST49738443192.168.2.513.107.246.51
                                                                                  Sep 5, 2024 07:30:01.455122948 CEST4434973813.107.246.51192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.461303949 CEST44349732162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.462646008 CEST44349731162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.463975906 CEST49732443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:01.463996887 CEST49731443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:01.464359045 CEST49731443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:01.464370012 CEST44349731162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.464514017 CEST49732443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:01.464519978 CEST44349732162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.475661993 CEST44349734172.64.41.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.476723909 CEST49734443192.168.2.5172.64.41.3
                                                                                  Sep 5, 2024 07:30:01.476732969 CEST44349734172.64.41.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.477823973 CEST44349734172.64.41.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.484503984 CEST44349734172.64.41.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.490894079 CEST49734443192.168.2.5172.64.41.3
                                                                                  Sep 5, 2024 07:30:01.506191015 CEST49734443192.168.2.5172.64.41.3
                                                                                  Sep 5, 2024 07:30:01.506335974 CEST44349734172.64.41.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.506407022 CEST49734443192.168.2.5172.64.41.3
                                                                                  Sep 5, 2024 07:30:01.552494049 CEST44349734172.64.41.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.563942909 CEST49739443192.168.2.535.190.72.216
                                                                                  Sep 5, 2024 07:30:01.563965082 CEST4434973935.190.72.216192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.565712929 CEST49739443192.168.2.535.190.72.216
                                                                                  Sep 5, 2024 07:30:01.570900917 CEST49739443192.168.2.535.190.72.216
                                                                                  Sep 5, 2024 07:30:01.570913076 CEST4434973935.190.72.216192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.580856085 CEST49734443192.168.2.5172.64.41.3
                                                                                  Sep 5, 2024 07:30:01.580863953 CEST44349734172.64.41.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.616014957 CEST44349734172.64.41.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:01.619710922 CEST49734443192.168.2.5172.64.41.3
                                                                                  Sep 5, 2024 07:30:03.815917015 CEST44349747142.250.80.78192.168.2.5
                                                                                  Sep 5, 2024 07:30:03.816714048 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:03.831856012 CEST49747443192.168.2.5142.250.80.78
                                                                                  Sep 5, 2024 07:30:03.831873894 CEST44349747142.250.80.78192.168.2.5
                                                                                  Sep 5, 2024 07:30:03.831886053 CEST44349747142.250.80.78192.168.2.5
                                                                                  Sep 5, 2024 07:30:03.831923962 CEST44349747142.250.80.78192.168.2.5
                                                                                  Sep 5, 2024 07:30:03.841466904 CEST49747443192.168.2.5142.250.80.78
                                                                                  Sep 5, 2024 07:30:03.870532036 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:03.870567083 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:03.871053934 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:03.907181978 CEST44349747142.250.80.78192.168.2.5
                                                                                  Sep 5, 2024 07:30:03.907227039 CEST44349747142.250.80.78192.168.2.5
                                                                                  Sep 5, 2024 07:30:03.907260895 CEST44349747142.250.80.78192.168.2.5
                                                                                  Sep 5, 2024 07:30:03.907423019 CEST44349747142.250.80.78192.168.2.5
                                                                                  Sep 5, 2024 07:30:03.907458067 CEST44349747142.250.80.78192.168.2.5
                                                                                  Sep 5, 2024 07:30:03.907489061 CEST44349747142.250.80.78192.168.2.5
                                                                                  Sep 5, 2024 07:30:03.907934904 CEST44349747142.250.80.78192.168.2.5
                                                                                  Sep 5, 2024 07:30:03.908004045 CEST44349747142.250.80.78192.168.2.5
                                                                                  Sep 5, 2024 07:30:03.908039093 CEST44349747142.250.80.78192.168.2.5
                                                                                  Sep 5, 2024 07:30:03.908071041 CEST44349747142.250.80.78192.168.2.5
                                                                                  Sep 5, 2024 07:30:03.908262014 CEST44349747142.250.80.78192.168.2.5
                                                                                  Sep 5, 2024 07:30:03.912278891 CEST804975134.107.221.82192.168.2.5
                                                                                  Sep 5, 2024 07:30:03.916162968 CEST49747443192.168.2.5142.250.80.78
                                                                                  Sep 5, 2024 07:30:03.931145906 CEST49747443192.168.2.5142.250.80.78
                                                                                  Sep 5, 2024 07:30:03.993072033 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.039623022 CEST4975180192.168.2.534.107.221.82
                                                                                  Sep 5, 2024 07:30:04.108971119 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.109134912 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.109319925 CEST49752443192.168.2.5142.250.176.206
                                                                                  Sep 5, 2024 07:30:04.109335899 CEST44349752142.250.176.206192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.109679937 CEST49753443192.168.2.5142.250.176.206
                                                                                  Sep 5, 2024 07:30:04.109697104 CEST44349753142.250.176.206192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.111526966 CEST49754443192.168.2.5152.195.19.97
                                                                                  Sep 5, 2024 07:30:04.111532927 CEST44349754152.195.19.97192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.112447977 CEST49747443192.168.2.5142.250.80.78
                                                                                  Sep 5, 2024 07:30:04.112457991 CEST44349747142.250.80.78192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.114243031 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.114934921 CEST49752443192.168.2.5142.250.176.206
                                                                                  Sep 5, 2024 07:30:04.114944935 CEST49754443192.168.2.5152.195.19.97
                                                                                  Sep 5, 2024 07:30:04.114944935 CEST49753443192.168.2.5142.250.176.206
                                                                                  Sep 5, 2024 07:30:04.115282059 CEST49754443192.168.2.5152.195.19.97
                                                                                  Sep 5, 2024 07:30:04.115291119 CEST44349754152.195.19.97192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.115430117 CEST49753443192.168.2.5142.250.176.206
                                                                                  Sep 5, 2024 07:30:04.115438938 CEST44349753142.250.176.206192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.115530014 CEST49752443192.168.2.5142.250.176.206
                                                                                  Sep 5, 2024 07:30:04.115542889 CEST44349752142.250.176.206192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.160495996 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.189702988 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.214032888 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.214061022 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.214067936 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.214096069 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.214108944 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.214118004 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.221160889 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.221172094 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.221244097 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.299384117 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.299396992 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.299416065 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.299423933 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.299443007 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.299454927 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.299485922 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.300313950 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.300743103 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.300751925 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.300779104 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.300786018 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.300796986 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.300806999 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.300811052 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.300841093 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.300877094 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.386260986 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.386270046 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.386293888 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.386301994 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.386315107 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.386323929 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.386328936 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.386432886 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.387345076 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.387357950 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.387373924 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.387381077 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.387398005 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.387408018 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.387427092 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.387609005 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.388232946 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.388240099 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.388262033 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.388267994 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.388323069 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.388326883 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.388432026 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.389161110 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.389168024 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.389188051 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.389215946 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.389225006 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.389230013 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.389260054 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.389296055 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.549870014 CEST4975680192.168.2.534.107.221.82
                                                                                  Sep 5, 2024 07:30:04.554738045 CEST804975634.107.221.82192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.554805040 CEST4975680192.168.2.534.107.221.82
                                                                                  Sep 5, 2024 07:30:04.554950953 CEST4975680192.168.2.534.107.221.82
                                                                                  Sep 5, 2024 07:30:04.557893991 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.557918072 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.557980061 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.557996988 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.558123112 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.558547020 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.558562994 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.558748960 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.558753014 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.558859110 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.559250116 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.559267044 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.559437990 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.559443951 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.559560061 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.559885025 CEST804975634.107.221.82192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.559936047 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.559951067 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.560017109 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.560022116 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.560266972 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.563023090 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.563040972 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.563102007 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.563107967 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.563152075 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.563365936 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.563380957 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.563554049 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.563559055 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.563734055 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.563812971 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.563841105 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.563919067 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.563925028 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.565232038 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.731084108 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.731111050 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.731152058 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.731169939 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.731194019 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.731216908 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.731374979 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.731391907 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.731798887 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.731832027 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.731962919 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.731966972 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.732006073 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.732034922 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.732259989 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.732278109 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.732502937 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.732528925 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.732577085 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.733918905 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.733961105 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.734016895 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.736855030 CEST49750443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:04.736866951 CEST4434975013.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.771212101 CEST44349752142.250.176.206192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.772711992 CEST44349753142.250.176.206192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.780347109 CEST49753443192.168.2.5142.250.176.206
                                                                                  Sep 5, 2024 07:30:04.780363083 CEST44349753142.250.176.206192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.780462027 CEST49752443192.168.2.5142.250.176.206
                                                                                  Sep 5, 2024 07:30:04.780487061 CEST44349752142.250.176.206192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.780726910 CEST44349753142.250.176.206192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.780810118 CEST49753443192.168.2.5142.250.176.206
                                                                                  Sep 5, 2024 07:30:04.780869007 CEST44349752142.250.176.206192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.781337023 CEST44349753142.250.176.206192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.781636000 CEST44349752142.250.176.206192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.796475887 CEST49753443192.168.2.5142.250.176.206
                                                                                  Sep 5, 2024 07:30:04.796477079 CEST49752443192.168.2.5142.250.176.206
                                                                                  Sep 5, 2024 07:30:04.796493053 CEST44349752142.250.176.206192.168.2.5
                                                                                  Sep 5, 2024 07:30:04.800858021 CEST49753443192.168.2.5142.250.176.206
                                                                                  Sep 5, 2024 07:30:04.800921917 CEST44349753142.250.176.206192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.687098980 CEST49769443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:06.728503942 CEST4434976813.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.732500076 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.784874916 CEST4434976813.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.784888983 CEST4434976813.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.784972906 CEST49768443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:06.784981966 CEST4434976813.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.785126925 CEST4434976813.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.785226107 CEST49768443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:06.785543919 CEST49769443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:06.786346912 CEST49768443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:06.786355019 CEST4434976813.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.788991928 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.789009094 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.789016962 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.789048910 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.789066076 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.789073944 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.789242983 CEST49769443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:06.789258003 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.789329052 CEST49769443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:06.876012087 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.876019955 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.876049042 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.876060009 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.876070023 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.876085043 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.876090050 CEST49769443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:06.876286030 CEST49769443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:06.877357006 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.877363920 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.877388000 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.877397060 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.877932072 CEST49769443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:06.877943039 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.878057957 CEST49769443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:06.963680983 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.963689089 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.963726044 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.963753939 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.963766098 CEST49769443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:06.963777065 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.963841915 CEST49769443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:06.964390993 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.964397907 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.964428902 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.964467049 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.964476109 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.964476109 CEST49769443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:06.964538097 CEST49769443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:06.964775085 CEST49769443192.168.2.513.107.246.40
                                                                                  Sep 5, 2024 07:30:06.964782953 CEST4434976913.107.246.40192.168.2.5
                                                                                  Sep 5, 2024 07:30:10.194334030 CEST49771443192.168.2.513.85.23.86
                                                                                  Sep 5, 2024 07:30:10.194360018 CEST4434977113.85.23.86192.168.2.5
                                                                                  Sep 5, 2024 07:30:10.194508076 CEST49771443192.168.2.513.85.23.86
                                                                                  Sep 5, 2024 07:30:10.195694923 CEST49771443192.168.2.513.85.23.86
                                                                                  Sep 5, 2024 07:30:10.195707083 CEST4434977113.85.23.86192.168.2.5
                                                                                  Sep 5, 2024 07:30:10.870310068 CEST4434977113.85.23.86192.168.2.5
                                                                                  Sep 5, 2024 07:30:10.870425940 CEST49771443192.168.2.513.85.23.86
                                                                                  Sep 5, 2024 07:30:10.872368097 CEST49771443192.168.2.513.85.23.86
                                                                                  Sep 5, 2024 07:30:10.872378111 CEST4434977113.85.23.86192.168.2.5
                                                                                  Sep 5, 2024 07:30:10.872629881 CEST4434977113.85.23.86192.168.2.5
                                                                                  Sep 5, 2024 07:30:10.923022032 CEST49771443192.168.2.513.85.23.86
                                                                                  Sep 5, 2024 07:30:11.585210085 CEST49771443192.168.2.513.85.23.86
                                                                                  Sep 5, 2024 07:30:11.628501892 CEST4434977113.85.23.86192.168.2.5
                                                                                  Sep 5, 2024 07:30:11.807946920 CEST4434977113.85.23.86192.168.2.5
                                                                                  Sep 5, 2024 07:30:11.807966948 CEST4434977113.85.23.86192.168.2.5
                                                                                  Sep 5, 2024 07:30:11.807975054 CEST4434977113.85.23.86192.168.2.5
                                                                                  Sep 5, 2024 07:30:11.807982922 CEST4434977113.85.23.86192.168.2.5
                                                                                  Sep 5, 2024 07:30:11.808003902 CEST4434977113.85.23.86192.168.2.5
                                                                                  Sep 5, 2024 07:30:11.808039904 CEST49771443192.168.2.513.85.23.86
                                                                                  Sep 5, 2024 07:30:11.808053017 CEST4434977113.85.23.86192.168.2.5
                                                                                  Sep 5, 2024 07:30:11.808072090 CEST49771443192.168.2.513.85.23.86
                                                                                  Sep 5, 2024 07:30:11.808103085 CEST49771443192.168.2.513.85.23.86
                                                                                  Sep 5, 2024 07:30:11.808278084 CEST4434977113.85.23.86192.168.2.5
                                                                                  Sep 5, 2024 07:30:11.808382034 CEST4434977113.85.23.86192.168.2.5
                                                                                  Sep 5, 2024 07:30:11.808726072 CEST49771443192.168.2.513.85.23.86
                                                                                  Sep 5, 2024 07:30:12.286849976 CEST49771443192.168.2.513.85.23.86
                                                                                  Sep 5, 2024 07:30:12.286849976 CEST49771443192.168.2.513.85.23.86
                                                                                  Sep 5, 2024 07:30:12.286866903 CEST4434977113.85.23.86192.168.2.5
                                                                                  Sep 5, 2024 07:30:12.286876917 CEST4434977113.85.23.86192.168.2.5
                                                                                  Sep 5, 2024 07:30:13.938047886 CEST4975180192.168.2.534.107.221.82
                                                                                  Sep 5, 2024 07:30:13.942879915 CEST804975134.107.221.82192.168.2.5
                                                                                  Sep 5, 2024 07:30:15.082721949 CEST4975680192.168.2.534.107.221.82
                                                                                  Sep 5, 2024 07:30:15.792464972 CEST804975634.107.221.82192.168.2.5
                                                                                  Sep 5, 2024 07:30:20.910413027 CEST44349766162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:20.910480022 CEST44349766162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:20.913535118 CEST49766443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:20.925911903 CEST44349765162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:20.926000118 CEST44349765162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:20.927553892 CEST49765443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:23.955285072 CEST4975180192.168.2.534.107.221.82
                                                                                  Sep 5, 2024 07:30:24.851486921 CEST804975134.107.221.82192.168.2.5
                                                                                  Sep 5, 2024 07:30:25.815368891 CEST4975680192.168.2.534.107.221.82
                                                                                  Sep 5, 2024 07:30:25.821336031 CEST804975634.107.221.82192.168.2.5
                                                                                  Sep 5, 2024 07:30:31.637664080 CEST49778443192.168.2.534.149.100.209
                                                                                  Sep 5, 2024 07:30:31.637689114 CEST4434977834.149.100.209192.168.2.5
                                                                                  Sep 5, 2024 07:30:31.644979000 CEST49778443192.168.2.534.149.100.209
                                                                                  Sep 5, 2024 07:30:31.645342112 CEST49778443192.168.2.534.149.100.209
                                                                                  Sep 5, 2024 07:30:31.645349979 CEST4434977834.149.100.209192.168.2.5
                                                                                  Sep 5, 2024 07:30:31.645921946 CEST49779443192.168.2.535.244.181.201
                                                                                  Sep 5, 2024 07:30:31.645931959 CEST4434977935.244.181.201192.168.2.5
                                                                                  Sep 5, 2024 07:30:31.646040916 CEST49779443192.168.2.535.244.181.201
                                                                                  Sep 5, 2024 07:30:31.646138906 CEST49779443192.168.2.535.244.181.201
                                                                                  Sep 5, 2024 07:30:31.646150112 CEST4434977935.244.181.201192.168.2.5
                                                                                  Sep 5, 2024 07:30:31.654670000 CEST49780443192.168.2.535.190.72.216
                                                                                  Sep 5, 2024 07:30:31.654680014 CEST4434978035.190.72.216192.168.2.5
                                                                                  Sep 5, 2024 07:30:31.655848026 CEST49780443192.168.2.535.190.72.216
                                                                                  Sep 5, 2024 07:30:31.662780046 CEST49780443192.168.2.535.190.72.216
                                                                                  Sep 5, 2024 07:30:31.662790060 CEST4434978035.190.72.216192.168.2.5
                                                                                  Sep 5, 2024 07:30:31.890675068 CEST49781443192.168.2.552.222.236.80
                                                                                  Sep 5, 2024 07:30:31.890707970 CEST4434978152.222.236.80192.168.2.5
                                                                                  Sep 5, 2024 07:30:31.891022921 CEST49781443192.168.2.552.222.236.80
                                                                                  Sep 5, 2024 07:30:31.891242981 CEST49781443192.168.2.552.222.236.80
                                                                                  Sep 5, 2024 07:30:31.891258001 CEST4434978152.222.236.80192.168.2.5
                                                                                  Sep 5, 2024 07:30:32.838356972 CEST4434978035.190.72.216192.168.2.5
                                                                                  Sep 5, 2024 07:30:32.838526011 CEST49780443192.168.2.535.190.72.216
                                                                                  Sep 5, 2024 07:30:32.841706991 CEST4434977834.149.100.209192.168.2.5
                                                                                  Sep 5, 2024 07:30:32.841716051 CEST4434977834.149.100.209192.168.2.5
                                                                                  Sep 5, 2024 07:30:32.842369080 CEST49778443192.168.2.534.149.100.209
                                                                                  Sep 5, 2024 07:30:32.842648029 CEST4434978152.222.236.80192.168.2.5
                                                                                  Sep 5, 2024 07:30:32.842720985 CEST49781443192.168.2.552.222.236.80
                                                                                  Sep 5, 2024 07:30:32.843761921 CEST4434977935.244.181.201192.168.2.5
                                                                                  Sep 5, 2024 07:30:32.844168901 CEST49779443192.168.2.535.244.181.201
                                                                                  Sep 5, 2024 07:30:32.845474005 CEST49778443192.168.2.534.149.100.209
                                                                                  Sep 5, 2024 07:30:32.845478058 CEST4434977834.149.100.209192.168.2.5
                                                                                  Sep 5, 2024 07:30:32.845669031 CEST4434977834.149.100.209192.168.2.5
                                                                                  Sep 5, 2024 07:30:32.848615885 CEST49779443192.168.2.535.244.181.201
                                                                                  Sep 5, 2024 07:30:32.848627090 CEST4434977935.244.181.201192.168.2.5
                                                                                  Sep 5, 2024 07:30:32.848900080 CEST4434977935.244.181.201192.168.2.5
                                                                                  Sep 5, 2024 07:30:32.851645947 CEST49781443192.168.2.552.222.236.80
                                                                                  Sep 5, 2024 07:30:32.851663113 CEST4434978152.222.236.80192.168.2.5
                                                                                  Sep 5, 2024 07:30:32.851846933 CEST4434978152.222.236.80192.168.2.5
                                                                                  Sep 5, 2024 07:30:32.855679989 CEST49780443192.168.2.535.190.72.216
                                                                                  Sep 5, 2024 07:30:32.855689049 CEST4434978035.190.72.216192.168.2.5
                                                                                  Sep 5, 2024 07:30:32.855818033 CEST4434978035.190.72.216192.168.2.5
                                                                                  Sep 5, 2024 07:30:32.856064081 CEST49780443192.168.2.535.190.72.216
                                                                                  Sep 5, 2024 07:30:32.856070042 CEST4434978035.190.72.216192.168.2.5
                                                                                  Sep 5, 2024 07:30:32.857029915 CEST49778443192.168.2.534.149.100.209
                                                                                  Sep 5, 2024 07:30:32.857131004 CEST49778443192.168.2.534.149.100.209
                                                                                  Sep 5, 2024 07:30:32.857155085 CEST4434977834.149.100.209192.168.2.5
                                                                                  Sep 5, 2024 07:30:32.858243942 CEST49779443192.168.2.535.244.181.201
                                                                                  Sep 5, 2024 07:30:32.858335018 CEST49779443192.168.2.535.244.181.201
                                                                                  Sep 5, 2024 07:30:32.858402967 CEST4434977935.244.181.201192.168.2.5
                                                                                  Sep 5, 2024 07:30:32.858709097 CEST49781443192.168.2.552.222.236.80
                                                                                  Sep 5, 2024 07:30:32.858807087 CEST49781443192.168.2.552.222.236.80
                                                                                  Sep 5, 2024 07:30:32.858840942 CEST4434978152.222.236.80192.168.2.5
                                                                                  Sep 5, 2024 07:30:32.859267950 CEST49782443192.168.2.552.222.236.80
                                                                                  Sep 5, 2024 07:30:32.859293938 CEST4434978252.222.236.80192.168.2.5
                                                                                  Sep 5, 2024 07:30:32.859867096 CEST4975680192.168.2.534.107.221.82
                                                                                  Sep 5, 2024 07:30:32.859896898 CEST4975180192.168.2.534.107.221.82
                                                                                  Sep 5, 2024 07:30:32.860388041 CEST49778443192.168.2.534.149.100.209
                                                                                  Sep 5, 2024 07:30:32.860400915 CEST49779443192.168.2.535.244.181.201
                                                                                  Sep 5, 2024 07:30:32.860446930 CEST49781443192.168.2.552.222.236.80
                                                                                  Sep 5, 2024 07:30:32.860446930 CEST49782443192.168.2.552.222.236.80
                                                                                  Sep 5, 2024 07:30:32.860724926 CEST49782443192.168.2.552.222.236.80
                                                                                  Sep 5, 2024 07:30:32.860738039 CEST4434978252.222.236.80192.168.2.5
                                                                                  Sep 5, 2024 07:30:32.864789009 CEST804975634.107.221.82192.168.2.5
                                                                                  Sep 5, 2024 07:30:32.864859104 CEST4975680192.168.2.534.107.221.82
                                                                                  Sep 5, 2024 07:30:32.864980936 CEST804975134.107.221.82192.168.2.5
                                                                                  Sep 5, 2024 07:30:32.865036011 CEST4975180192.168.2.534.107.221.82
                                                                                  Sep 5, 2024 07:30:32.871186972 CEST4978380192.168.2.534.107.221.82
                                                                                  Sep 5, 2024 07:30:32.875921011 CEST804978334.107.221.82192.168.2.5
                                                                                  Sep 5, 2024 07:30:32.875998974 CEST4978380192.168.2.534.107.221.82
                                                                                  Sep 5, 2024 07:30:32.876135111 CEST4978380192.168.2.534.107.221.82
                                                                                  Sep 5, 2024 07:30:32.881500959 CEST804978334.107.221.82192.168.2.5
                                                                                  Sep 5, 2024 07:30:33.060496092 CEST4434978035.190.72.216192.168.2.5
                                                                                  Sep 5, 2024 07:30:33.063131094 CEST49780443192.168.2.535.190.72.216
                                                                                  Sep 5, 2024 07:30:33.337635040 CEST804978334.107.221.82192.168.2.5
                                                                                  Sep 5, 2024 07:30:33.348078012 CEST4978480192.168.2.534.107.221.82
                                                                                  Sep 5, 2024 07:30:33.353059053 CEST804978434.107.221.82192.168.2.5
                                                                                  Sep 5, 2024 07:30:33.353142023 CEST4978480192.168.2.534.107.221.82
                                                                                  Sep 5, 2024 07:30:33.353276968 CEST4978480192.168.2.534.107.221.82
                                                                                  Sep 5, 2024 07:30:33.358135939 CEST804978434.107.221.82192.168.2.5
                                                                                  Sep 5, 2024 07:30:33.392890930 CEST4978380192.168.2.534.107.221.82
                                                                                  Sep 5, 2024 07:30:34.471736908 CEST804978434.107.221.82192.168.2.5
                                                                                  Sep 5, 2024 07:30:34.471961975 CEST804978434.107.221.82192.168.2.5
                                                                                  Sep 5, 2024 07:30:34.472410917 CEST4434978252.222.236.80192.168.2.5
                                                                                  Sep 5, 2024 07:30:34.472444057 CEST4978480192.168.2.534.107.221.82
                                                                                  Sep 5, 2024 07:30:34.472459078 CEST804978434.107.221.82192.168.2.5
                                                                                  Sep 5, 2024 07:30:34.472491980 CEST49782443192.168.2.552.222.236.80
                                                                                  Sep 5, 2024 07:30:34.472532034 CEST4978480192.168.2.534.107.221.82
                                                                                  Sep 5, 2024 07:30:34.475814104 CEST49782443192.168.2.552.222.236.80
                                                                                  Sep 5, 2024 07:30:34.475825071 CEST4434978252.222.236.80192.168.2.5
                                                                                  Sep 5, 2024 07:30:34.476031065 CEST4434978252.222.236.80192.168.2.5
                                                                                  Sep 5, 2024 07:30:34.478333950 CEST49782443192.168.2.552.222.236.80
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                  Sep 5, 2024 07:30:05.994076014 CEST44352686162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:05.994294882 CEST52686443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:05.996102095 CEST52686443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:05.996198893 CEST52686443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:05.996468067 CEST52686443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:05.996584892 CEST52686443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:06.092144966 CEST44352686162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.092164040 CEST44352686162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.092483997 CEST52686443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:06.094518900 CEST44352686162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.094528913 CEST44352686162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.094753981 CEST52686443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:06.094973087 CEST44352686162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.095427036 CEST44352686162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.095545053 CEST52686443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:06.191226959 CEST44352686162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:06.225788116 CEST52686443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:12.303776026 CEST63558443192.168.2.5142.250.176.206
                                                                                  Sep 5, 2024 07:30:12.303819895 CEST63558443192.168.2.5142.250.176.206
                                                                                  Sep 5, 2024 07:30:12.397253036 CEST44363558142.250.176.206192.168.2.5
                                                                                  Sep 5, 2024 07:30:12.423779964 CEST63558443192.168.2.5142.250.176.206
                                                                                  Sep 5, 2024 07:30:12.438661098 CEST44363558142.250.176.206192.168.2.5
                                                                                  Sep 5, 2024 07:30:12.438992023 CEST44363558142.250.176.206192.168.2.5
                                                                                  Sep 5, 2024 07:30:12.439197063 CEST63558443192.168.2.5142.250.176.206
                                                                                  Sep 5, 2024 07:30:12.470325947 CEST63558443192.168.2.5142.250.176.206
                                                                                  Sep 5, 2024 07:30:12.557214975 CEST44363558142.250.176.206192.168.2.5
                                                                                  Sep 5, 2024 07:30:31.628793001 CEST5400853192.168.2.51.1.1.1
                                                                                  Sep 5, 2024 07:30:31.636696100 CEST53540081.1.1.1192.168.2.5
                                                                                  Sep 5, 2024 07:30:31.638122082 CEST5177753192.168.2.51.1.1.1
                                                                                  Sep 5, 2024 07:30:31.644915104 CEST53517771.1.1.1192.168.2.5
                                                                                  Sep 5, 2024 07:30:31.646178961 CEST5389553192.168.2.51.1.1.1
                                                                                  Sep 5, 2024 07:30:31.646778107 CEST6524253192.168.2.51.1.1.1
                                                                                  Sep 5, 2024 07:30:31.653772116 CEST53538951.1.1.1192.168.2.5
                                                                                  Sep 5, 2024 07:30:31.654568911 CEST5291853192.168.2.51.1.1.1
                                                                                  Sep 5, 2024 07:30:31.654659986 CEST53652421.1.1.1192.168.2.5
                                                                                  Sep 5, 2024 07:30:31.661925077 CEST53529181.1.1.1192.168.2.5
                                                                                  Sep 5, 2024 07:30:31.714265108 CEST6287753192.168.2.51.1.1.1
                                                                                  Sep 5, 2024 07:30:31.721306086 CEST53628771.1.1.1192.168.2.5
                                                                                  Sep 5, 2024 07:30:31.890970945 CEST5219853192.168.2.51.1.1.1
                                                                                  Sep 5, 2024 07:30:31.898091078 CEST53521981.1.1.1192.168.2.5
                                                                                  Sep 5, 2024 07:30:31.898709059 CEST5315653192.168.2.51.1.1.1
                                                                                  Sep 5, 2024 07:30:31.905327082 CEST53531561.1.1.1192.168.2.5
                                                                                  Sep 5, 2024 07:30:32.863579988 CEST6012953192.168.2.51.1.1.1
                                                                                  Sep 5, 2024 07:30:34.141427994 CEST63558443192.168.2.5142.250.176.206
                                                                                  Sep 5, 2024 07:30:34.438101053 CEST63558443192.168.2.5142.250.176.206
                                                                                  Sep 5, 2024 07:30:34.564388037 CEST44363558142.250.176.206192.168.2.5
                                                                                  Sep 5, 2024 07:30:34.579108000 CEST44363558142.250.176.206192.168.2.5
                                                                                  Sep 5, 2024 07:30:34.579464912 CEST44363558142.250.176.206192.168.2.5
                                                                                  Sep 5, 2024 07:30:34.581361055 CEST63558443192.168.2.5142.250.176.206
                                                                                  Sep 5, 2024 07:30:34.616425991 CEST63558443192.168.2.5142.250.176.206
                                                                                  Sep 5, 2024 07:30:34.699843884 CEST44363558142.250.176.206192.168.2.5
                                                                                  Sep 5, 2024 07:30:57.465682983 CEST62767443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:57.465913057 CEST62767443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:57.466018915 CEST62767443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:57.466087103 CEST62767443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:57.919101000 CEST44362767162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:57.919759035 CEST62767443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:57.958765984 CEST62767443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:58.015117884 CEST44362767162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:58.015130043 CEST44362767162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:58.015137911 CEST44362767162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:58.015146971 CEST44362767162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:58.015387058 CEST62767443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:58.015458107 CEST62767443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:58.110600948 CEST44362767162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:58.110989094 CEST62767443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:58.207334995 CEST44362767162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:58.207890034 CEST44362767162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:58.208086014 CEST44362767162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:58.208574057 CEST62767443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:59.316029072 CEST5049753192.168.2.51.1.1.1
                                                                                  Sep 5, 2024 07:30:59.322757006 CEST53504971.1.1.1192.168.2.5
                                                                                  Sep 5, 2024 07:30:59.323334932 CEST6443953192.168.2.51.1.1.1
                                                                                  Sep 5, 2024 07:30:59.329931974 CEST53644391.1.1.1192.168.2.5
                                                                                  Sep 5, 2024 07:30:59.797482967 CEST62767443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:59.797559023 CEST62767443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:59.893949986 CEST44362767162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:59.894522905 CEST44362767162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:59.894710064 CEST44362767162.159.61.3192.168.2.5
                                                                                  Sep 5, 2024 07:30:59.895194054 CEST62767443192.168.2.5162.159.61.3
                                                                                  Sep 5, 2024 07:30:59.896321058 CEST55878443192.168.2.523.44.201.5
                                                                                  Sep 5, 2024 07:31:00.200774908 CEST55878443192.168.2.523.44.201.5
                                                                                  Sep 5, 2024 07:31:00.371381998 CEST4435587823.44.201.5192.168.2.5
                                                                                  Sep 5, 2024 07:31:00.385143995 CEST4435587823.44.201.5192.168.2.5
                                                                                  Sep 5, 2024 07:31:00.385165930 CEST4435587823.44.201.5192.168.2.5
                                                                                  Sep 5, 2024 07:31:00.385176897 CEST4435587823.44.201.5192.168.2.5
                                                                                  Sep 5, 2024 07:31:00.385188103 CEST4435587823.44.201.5192.168.2.5
                                                                                  Sep 5, 2024 07:31:00.385551929 CEST55878443192.168.2.523.44.201.5
                                                                                  Sep 5, 2024 07:31:00.387605906 CEST55878443192.168.2.523.44.201.5
                                                                                  Sep 5, 2024 07:31:00.387715101 CEST55878443192.168.2.523.44.201.5
                                                                                  Sep 5, 2024 07:31:00.486665010 CEST4435587823.44.201.5192.168.2.5
                                                                                  Sep 5, 2024 07:31:00.486680031 CEST4435587823.44.201.5192.168.2.5
                                                                                  Sep 5, 2024 07:31:00.486690998 CEST4435587823.44.201.5192.168.2.5
                                                                                  Sep 5, 2024 07:31:00.486701012 CEST4435587823.44.201.5192.168.2.5
                                                                                  Sep 5, 2024 07:31:00.487114906 CEST55878443192.168.2.523.44.201.5
                                                                                  Sep 5, 2024 07:31:00.487222910 CEST55878443192.168.2.523.44.201.5
                                                                                  Sep 5, 2024 07:31:00.544358015 CEST5959653192.168.2.51.1.1.1
                                                                                  Sep 5, 2024 07:31:00.585896015 CEST4435587823.44.201.5192.168.2.5
                                                                                  Sep 5, 2024 07:31:02.376070023 CEST61309443192.168.2.564.233.180.84
                                                                                  Sep 5, 2024 07:31:02.379151106 CEST61309443192.168.2.564.233.180.84
                                                                                  Sep 5, 2024 07:31:02.382263899 CEST61309443192.168.2.564.233.180.84
                                                                                  Sep 5, 2024 07:31:02.832741022 CEST4436130964.233.180.84192.168.2.5
                                                                                  Sep 5, 2024 07:31:02.832758904 CEST4436130964.233.180.84192.168.2.5
                                                                                  Sep 5, 2024 07:31:02.832767963 CEST4436130964.233.180.84192.168.2.5
                                                                                  Sep 5, 2024 07:31:02.832777023 CEST4436130964.233.180.84192.168.2.5
                                                                                  Sep 5, 2024 07:31:02.833348036 CEST61309443192.168.2.564.233.180.84
                                                                                  Sep 5, 2024 07:31:02.833451033 CEST4436130964.233.180.84192.168.2.5
                                                                                  Sep 5, 2024 07:31:02.833533049 CEST61309443192.168.2.564.233.180.84
                                                                                  Sep 5, 2024 07:31:02.833864927 CEST61309443192.168.2.564.233.180.84
                                                                                  Sep 5, 2024 07:31:02.897160053 CEST4436130964.233.180.84192.168.2.5
                                                                                  Sep 5, 2024 07:31:02.897173882 CEST4436130964.233.180.84192.168.2.5
                                                                                  Sep 5, 2024 07:31:02.897186041 CEST4436130964.233.180.84192.168.2.5
                                                                                  Sep 5, 2024 07:31:02.897715092 CEST61309443192.168.2.564.233.180.84
                                                                                  Sep 5, 2024 07:31:02.924247980 CEST61309443192.168.2.564.233.180.84
                                                                                  Sep 5, 2024 07:31:02.932749987 CEST4436130964.233.180.84192.168.2.5
                                                                                  Sep 5, 2024 07:31:02.969727039 CEST61309443192.168.2.564.233.180.84
                                                                                  Sep 5, 2024 07:31:02.996984005 CEST4436130964.233.180.84192.168.2.5
                                                                                  Sep 5, 2024 07:31:05.334794998 CEST61309443192.168.2.564.233.180.84
                                                                                  Sep 5, 2024 07:31:05.459167004 CEST4436130964.233.180.84192.168.2.5
                                                                                  Sep 5, 2024 07:31:05.485220909 CEST61309443192.168.2.564.233.180.84
                                                                                  Sep 5, 2024 07:31:05.500828981 CEST4436130964.233.180.84192.168.2.5
                                                                                  Sep 5, 2024 07:31:05.500839949 CEST4436130964.233.180.84192.168.2.5
                                                                                  Sep 5, 2024 07:31:05.500848055 CEST4436130964.233.180.84192.168.2.5
                                                                                  Sep 5, 2024 07:31:05.501342058 CEST61309443192.168.2.564.233.180.84
                                                                                  Sep 5, 2024 07:31:05.501465082 CEST61309443192.168.2.564.233.180.84
                                                                                  Sep 5, 2024 07:31:05.626178980 CEST4436130964.233.180.84192.168.2.5
                                                                                  Sep 5, 2024 07:31:20.486280918 CEST4435587823.44.201.5192.168.2.5
                                                                                  Sep 5, 2024 07:31:20.527045012 CEST55878443192.168.2.523.44.201.5
                                                                                  Sep 5, 2024 07:31:20.986063957 CEST4435587823.44.201.5192.168.2.5
                                                                                  Sep 5, 2024 07:31:21.018702984 CEST55878443192.168.2.523.44.201.5
                                                                                  Sep 5, 2024 07:31:30.484756947 CEST4435587823.44.201.5192.168.2.5
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Sep 5, 2024 07:29:57.469527006 CEST | 192.168.2.5 | 1.1.1.1 | 0x25a8 | Standard query (0) | bzib.nelreports.net | A (IP address) | IN (0x0001) | false |
| Sep 5, 2024 07:29:57.469701052 CEST | 192.168.2.5 | 1.1.1.1 | 0x8bd8 | Standard query (0) | bzib.nelreports.net | 65 | IN (0x0001) | false |
| Sep 5, 2024 07:29:58.948643923 CEST | 192.168.2.5 | 1.1.1.1 | 0x2ae0 | Standard query (0) | clients2.googleusercontent.com | A (IP address) | IN (0x0001) | false |
| Sep 5, 2024 07:29:58.948805094 CEST | 192.168.2.5 | 1.1.1.1 | 0x7ba3 | Standard query (0) | clients2.googleusercontent.com | 65 | IN (0x0001) | false |
| Sep 5, 2024 07:30:00.867050886 CEST | 192.168.2.5 | 1.1.1.1 | 0x58e5 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false |
| Sep 5, 2024 07:30:00.867212057 CEST | 192.168.2.5 | 1.1.1.1 | 0xfcfb | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false |
| Sep 5, 2024 07:30:00.867508888 CEST | 192.168.2.5 | 1.1.1.1 | 0x52fb | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false |
| Sep 5, 2024 07:30:00.867616892 CEST | 192.168.2.5 | 1.1.1.1 | 0xf081 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false |
| Sep 5, 2024 07:30:00.981859922 CEST | 192.168.2.5 | 1.1.1.1 | 0xa04 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false |
| Sep 5, 2024 07:30:00.982021093 CEST | 192.168.2.5 | 1.1.1.1 | 0x2269 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false |
| Sep 5, 2024 07:30:01.564160109 CEST | 192.168.2.5 | 1.1.1.1 | 0x490f | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false |
| Sep 5, 2024 07:30:01.585001945 CEST | 192.168.2.5 | 1.1.1.1 | 0x169a | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false |
| Sep 5, 2024 07:30:03.430393934 CEST | 192.168.2.5 | 1.1.1.1 | 0xe14e | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false |
| Sep 5, 2024 07:30:03.450999975 CEST | 192.168.2.5 | 1.1.1.1 | 0x3ff4 | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false |
| Sep 5, 2024 07:30:03.458544970 CEST | 192.168.2.5 | 1.1.1.1 | 0xf4aa | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false |
| Sep 5, 2024 07:30:04.533528090 CEST | 192.168.2.5 | 1.1.1.1 | 0x5845 | Standard query (0) | example.org | A (IP address) | IN (0x0001) | false |
| Sep 5, 2024 07:30:04.540663004 CEST | 192.168.2.5 | 1.1.1.1 | 0xb181 | Standard query (0) | ipv4only.arpa | A (IP address) | IN (0x0001) | false |
| Sep 5, 2024 07:30:04.541429996 CEST | 192.168.2.5 | 1.1.1.1 | 0x6929 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false |
| Sep 5, 2024 07:30:31.628793001 CEST | 192.168.2.5 | 1.1.1.1 | 0x8839 | Standard query (0) | firefox.settings.services.mozilla.com | A (IP address) | IN (0x0001) | false |
| Sep 5, 2024 07:30:31.638122082 CEST | 192.168.2.5 | 1.1.1.1 | 0xc22c | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false |
| Sep 5, 2024 07:30:31.646178961 CEST | 192.168.2.5 | 1.1.1.1 | 0x9350 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false |
| Sep 5, 2024 07:30:31.646778107 CEST | 192.168.2.5 | 1.1.1.1 | 0x57b1 | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false |
| Sep 5, 2024 07:30:31.654568911 CEST | 192.168.2.5 | 1.1.1.1 | 0x1883 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false |
| Sep 5, 2024 07:30:31.714265108 CEST | 192.168.2.5 | 1.1.1.1 | 0x2c98 | Standard query (0) | services.addons.mozilla.org | A (IP address) | IN (0x0001) | false |
| Sep 5, 2024 07:30:31.890970945 CEST | 192.168.2.5 | 1.1.1.1 | 0x6cd9 | Standard query (0) | services.addons.mozilla.org | A (IP address) | IN (0x0001) | false |
| Sep 5, 2024 07:30:31.898709059 CEST | 192.168.2.5 | 1.1.1.1 | 0x91ba | Standard query (0) | services.addons.mozilla.org | 28 | IN (0x0001) | false |
| Sep 5, 2024 07:30:32.863579988 CEST | 192.168.2.5 | 1.1.1.1 | 0x53c8 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false |
| Sep 5, 2024 07:30:59.316029072 CEST | 192.168.2.5 | 1.1.1.1 | 0x7c5b | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | A (IP address) | IN (0x0001) | false |
| Sep 5, 2024 07:30:59.323334932 CEST | 192.168.2.5 | 1.1.1.1 | 0xc982 | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | 28 | IN (0x0001) | false |
| Sep 5, 2024 07:31:00.544358015 CEST | 192.168.2.5 | 1.1.1.1 | 0x7aaa | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Sep 5, 2024 07:29:56.060786009 CEST | 1.1.1.1 | 192.168.2.5 | 0x1b47 | No error (0) | bingadsedgeextension-prod-eastus.azurewebsites.net | ssl.bingadsedgeextension-prod-eastus.azurewebsites.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Sep 5, 2024 07:29:56.060786009 CEST | 1.1.1.1 | 192.168.2.5 | 0x1b47 | No error (0) | ssl.bingadsedgeextension-prod-eastus.azurewebsites.net | | 40.71.99.188 | A (IP address) | IN (0x0001) | false |
| Sep 5, 2024 07:29:56.061100006 CEST | 1.1.1.1 | 192.168.2.5 | 0xfa39 | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Sep 5, 2024 07:29:57.476495981 CEST | 1.1.1.1 | 192.168.2.5 | 0x8bd8 | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Sep 5, 2024 07:29:57.476856947 CEST | 1.1.1.1 | 192.168.2.5 | 0x25a8 | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Sep 5, 2024 07:29:58.955141068 CEST | 1.1.1.1 | 192.168.2.5 | 0x2ae0 | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Sep 5, 2024 07:29:58.955141068 CEST | 1.1.1.1 | 192.168.2.5 | 0x2ae0 | No error (0) | googlehosted.l.googleusercontent.com | | 142.250.186.129 | A (IP address) | IN (0x0001) | false |
| Sep 5, 2024 07:29:58.955697060 CEST | 1.1.1.1 | 192.168.2.5 | 0x7ba3 | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Sep 5, 2024 07:30:00.177557945 CEST | 1.1.1.1 | 192.168.2.5 | 0x5d5b | No error (0) | scdn1f005.wpc.ad629.nucdn.net | sni1gl.wpc.nucdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Sep 5, 2024 07:30:00.177557945 CEST | 1.1.1.1 | 192.168.2.5 | 0x5d5b | No error (0) | sni1gl.wpc.nucdn.net | | 152.199.21.175 | A (IP address) | IN (0x0001) | false |
| Sep 5, 2024 07:30:00.179847956 CEST | 1.1.1.1 | 192.168.2.5 | 0x8b31 | No error (0) | scdn1f005.wpc.ad629.nucdn.net | sni1gl.wpc.nucdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Sep 5, 2024 07:30:00.874533892 CEST | 1.1.1.1 | 192.168.2.5 | 0x58e5 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false |
| Sep 5, 2024 07:30:00.874533892 CEST | 1.1.1.1 | 192.168.2.5 | 0x58e5 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false |
| Sep 5, 2024 07:30:00.874855042 CEST | 1.1.1.1 | 192.168.2.5 | 0x52fb | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false |
| Sep 5, 2024 07:30:00.874855042 CEST | 1.1.1.1 | 192.168.2.5 | 0x52fb | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false |
| Sep 5, 2024 07:30:00.875221968 CEST | 1.1.1.1 | 192.168.2.5 | 0xf081 | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false |
| Sep 5, 2024 07:30:00.875231981 CEST | 1.1.1.1 | 192.168.2.5 | 0xfcfb | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false |
| Sep 5, 2024 07:30:00.988914013 CEST | 1.1.1.1 | 192.168.2.5 | 0x2269 | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false |
| Sep 5, 2024 07:30:00.989007950 CEST | 1.1.1.1 | 192.168.2.5 | 0xa04 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false |
| Sep 5, 2024 07:30:00.989007950 CEST | 1.1.1.1 | 192.168.2.5 | 0xa04 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false |
| Sep 5, 2024 07:30:01.235193968 CEST | 1.1.1.1 | 192.168.2.5 | 0x2652 | No error (0) | scdn1f005.wpc.ad629.nucdn.net | sni1gl.wpc.nucdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Sep 5, 2024 07:30:01.235193968 CEST | 1.1.1.1 | 192.168.2.5 | 0x2652 | No error (0) | sni1gl.wpc.nucdn.net | | 152.199.21.175 | A (IP address) | IN (0x0001) | false |
| Sep 5, 2024 07:30:01.235908985 CEST | 1.1.1.1 | 192.168.2.5 | 0x66d9 | No error (0) | scdn1f005.wpc.ad629.nucdn.net | sni1gl.wpc.nucdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Sep 5, 2024 07:30:01.426368952 CEST | 1.1.1.1 | 192.168.2.5 | 0x5a16 | No error (0) | shed.dual-low.s-part-0023.t-0009.t-msedge.net | s-part-0023.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Sep 5, 2024 07:30:01.426368952 CEST | 1.1.1.1 | 192.168.2.5 | 0x5a16 | No error (0) | s-part-0023.t-0009.t-msedge.net | | 13.107.246.51 | A (IP address) | IN (0x0001) | false |
                                                                                  Sep 5, 2024 07:30:01.556360960 CEST1.1.1.1192.168.2.50xb43dNo error (0)prod.classify-client.prod.webservices.mozgcp.net35.190.72.216A (IP address)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:01.571327925 CEST1.1.1.1192.168.2.50x490fNo error (0)prod.classify-client.prod.webservices.mozgcp.net35.190.72.216A (IP address)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:03.446250916 CEST1.1.1.1192.168.2.50xe14eNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:03.446250916 CEST1.1.1.1192.168.2.50xe14eNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:03.457773924 CEST1.1.1.1192.168.2.50x3ff4No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:03.468211889 CEST1.1.1.1192.168.2.50xf4aaNo error (0)prod.detectportal.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:04.540082932 CEST1.1.1.1192.168.2.50x5845No error (0)example.org93.184.215.14A (IP address)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:04.547127962 CEST1.1.1.1192.168.2.50xb181No error (0)ipv4only.arpa192.0.0.171A (IP address)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:04.547127962 CEST1.1.1.1192.168.2.50xb181No error (0)ipv4only.arpa192.0.0.170A (IP address)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:04.548362970 CEST1.1.1.1192.168.2.50x6929No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:04.548362970 CEST1.1.1.1192.168.2.50x6929No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:31.636696100 CEST1.1.1.1192.168.2.50x8839No error (0)firefox.settings.services.mozilla.comprod.remote-settings.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:31.636696100 CEST1.1.1.1192.168.2.50x8839No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:31.638385057 CEST1.1.1.1192.168.2.50x54b2No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:31.638385057 CEST1.1.1.1192.168.2.50x54b2No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:31.644915104 CEST1.1.1.1192.168.2.50xc22cNo error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:31.653772116 CEST1.1.1.1192.168.2.50x9350No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:31.721306086 CEST1.1.1.1192.168.2.50x2c98No error (0)services.addons.mozilla.org52.222.236.80A (IP address)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:31.721306086 CEST1.1.1.1192.168.2.50x2c98No error (0)services.addons.mozilla.org52.222.236.120A (IP address)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:31.721306086 CEST1.1.1.1192.168.2.50x2c98No error (0)services.addons.mozilla.org52.222.236.48A (IP address)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:31.721306086 CEST1.1.1.1192.168.2.50x2c98No error (0)services.addons.mozilla.org52.222.236.23A (IP address)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:31.898091078 CEST1.1.1.1192.168.2.50x6cd9No error (0)services.addons.mozilla.org52.222.236.80A (IP address)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:31.898091078 CEST1.1.1.1192.168.2.50x6cd9No error (0)services.addons.mozilla.org52.222.236.23A (IP address)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:31.898091078 CEST1.1.1.1192.168.2.50x6cd9No error (0)services.addons.mozilla.org52.222.236.48A (IP address)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:31.898091078 CEST1.1.1.1192.168.2.50x6cd9No error (0)services.addons.mozilla.org52.222.236.120A (IP address)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:32.870400906 CEST1.1.1.1192.168.2.50x53c8No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:32.870400906 CEST1.1.1.1192.168.2.50x53c8No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:34.496916056 CEST1.1.1.1192.168.2.50xf7bcNo error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:34.496916056 CEST1.1.1.1192.168.2.50xf7bcNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:34.987375021 CEST1.1.1.1192.168.2.50x339fNo error (0)a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.coma17.rackcdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:34.987375021 CEST1.1.1.1192.168.2.50x339fNo error (0)a17.rackcdn.coma17.rackcdn.com.mdc.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:59.152299881 CEST1.1.1.1192.168.2.50x719dNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                  Sep 5, 2024 07:30:59.322757006 CEST1.1.1.1192.168.2.50x7c5bNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                  Sep 5, 2024 07:31:00.551142931 CEST1.1.1.1192.168.2.50x7aaaNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 5, 2024 07:31:00.551142931 CEST1.1.1.1192.168.2.50x7aaaNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                  Sep 5, 2024 07:31:00.551707029 CEST1.1.1.1192.168.2.50xbe83No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  0 | 192.168.2.5 | 49751 | 34.107.221.82 | 80 | 7556 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 5, 2024 07:30:03.456532001 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                  Host: detectportal.firefox.com
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  Connection: keep-alive
                                                                                  Sep 5, 2024 07:30:03.912278891 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Content-Length: 90
                                                                                  Via: 1.1 google
                                                                                  Date: Wed, 04 Sep 2024 23:45:10 GMT
                                                                                  Age: 20693
                                                                                  Content-Type: text/html
                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                  Sep 5, 2024 07:30:13.938047886 CEST | 6 | OUT | Data Raw: 00
                                                                                  Data Ascii:
                                                                                  Sep 5, 2024 07:30:23.955285072 CEST | 6 | OUT | Data Raw: 00
                                                                                  Data Ascii:


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  1 | 192.168.2.5 | 49756 | 34.107.221.82 | 80 | 7556 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 5, 2024 07:30:04.554950953 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                  Host: detectportal.firefox.com
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Connection: keep-alive
                                                                                  Pragma: no-cache
                                                                                  Cache-Control: no-cache
                                                                                  Sep 5, 2024 07:30:05.083123922 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Content-Length: 8
                                                                                  Via: 1.1 google
                                                                                  Date: Wed, 04 Sep 2024 18:31:46 GMT
                                                                                  Age: 39499
                                                                                  Content-Type: text/plain
                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                  Data Ascii: success
                                                                                  Sep 5, 2024 07:30:15.082721949 CEST | 6 | OUT | Data Raw: 00
                                                                                  Data Ascii:
                                                                                  Sep 5, 2024 07:30:25.815368891 CEST | 6 | OUT | Data Raw: 00
                                                                                  Data Ascii:


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  2 | 192.168.2.5 | 49783 | 34.107.221.82 | 80 | 7556 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 5, 2024 07:30:32.876135111 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                  Host: detectportal.firefox.com
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  Connection: keep-alive
                                                                                  Sep 5, 2024 07:30:33.337635040 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Content-Length: 90
                                                                                  Via: 1.1 google
                                                                                  Date: Wed, 04 Sep 2024 08:28:55 GMT
                                                                                  Age: 75698
                                                                                  Content-Type: text/html
                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                  Sep 5, 2024 07:30:34.492269993 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                  Host: detectportal.firefox.com
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  Connection: keep-alive
                                                                                  Sep 5, 2024 07:30:34.590763092 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Content-Length: 90
                                                                                  Via: 1.1 google
                                                                                  Date: Wed, 04 Sep 2024 08:28:55 GMT
                                                                                  Age: 75699
                                                                                  Content-Type: text/html
                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                  Sep 5, 2024 07:30:34.976367950 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                  Host: detectportal.firefox.com
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  Connection: keep-alive
                                                                                  Sep 5, 2024 07:30:35.071327925 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Content-Length: 90
                                                                                  Via: 1.1 google
                                                                                  Date: Wed, 04 Sep 2024 08:28:55 GMT
                                                                                  Age: 75700
                                                                                  Content-Type: text/html
                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                  Sep 5, 2024 07:30:45.080380917 CEST | 6 | OUT | Data Raw: 00
                                                                                  Data Ascii:
                                                                                  Sep 5, 2024 07:30:55.094985008 CEST | 6 | OUT | Data Raw: 00
                                                                                  Data Ascii:
                                                                                  Sep 5, 2024 07:31:00.544068098 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                  Host: detectportal.firefox.com
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  Connection: keep-alive
                                                                                  Sep 5, 2024 07:31:00.638626099 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Content-Length: 90
                                                                                  Via: 1.1 google
                                                                                  Date: Wed, 04 Sep 2024 08:28:55 GMT
                                                                                  Age: 75725
                                                                                  Content-Type: text/html
                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                  Sep 5, 2024 07:31:01.198781967 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                  Host: detectportal.firefox.com
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  Connection: keep-alive
                                                                                  Sep 5, 2024 07:31:01.293740988 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Content-Length: 90
                                                                                  Via: 1.1 google
                                                                                  Date: Wed, 04 Sep 2024 08:28:55 GMT
                                                                                  Age: 75726
                                                                                  Content-Type: text/html
                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                  Sep 5, 2024 07:31:11.302361012 CEST | 6 | OUT | Data Raw: 00
                                                                                  Data Ascii:
                                                                                  Sep 5, 2024 07:31:21.318897963 CEST | 6 | OUT | Data Raw: 00
                                                                                  Data Ascii:
                                                                                  Sep 5, 2024 07:31:31.333468914 CEST | 6 | OUT | Data Raw: 00
                                                                                  Data Ascii:
                                                                                  Sep 5, 2024 07:31:41.348669052 CEST | 6 | OUT | Data Raw: 00
                                                                                  Data Ascii:
                                                                                  Sep 5, 2024 07:31:51.382302999 CEST | 6 | OUT | Data Raw: 00
                                                                                  Data Ascii:


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  3 | 192.168.2.5 | 49784 | 34.107.221.82 | 80 | 7556 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 5, 2024 07:30:33.353276968 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                  Host: detectportal.firefox.com
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Connection: keep-alive
                                                                                  Pragma: no-cache
                                                                                  Cache-Control: no-cache
                                                                                  Sep 5, 2024 07:30:34.471736908 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Content-Length: 8
                                                                                  Via: 1.1 google
                                                                                  Date: Wed, 04 Sep 2024 18:31:46 GMT
                                                                                  Age: 39527
                                                                                  Content-Type: text/plain
                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                  Data Ascii: success
                                                                                  Sep 5, 2024 07:30:34.471961975 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Content-Length: 8
                                                                                  Via: 1.1 google
                                                                                  Date: Wed, 04 Sep 2024 18:31:46 GMT
                                                                                  Age: 39527
                                                                                  Content-Type: text/plain
                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                  Data Ascii: success
                                                                                  Sep 5, 2024 07:30:34.472459078 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Content-Length: 8
                                                                                  Via: 1.1 google
                                                                                  Date: Wed, 04 Sep 2024 18:31:46 GMT
                                                                                  Age: 39527
                                                                                  Content-Type: text/plain
                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                  Data Ascii: success
                                                                                  Sep 5, 2024 07:30:34.593785048 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                  Host: detectportal.firefox.com
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Connection: keep-alive
                                                                                  Pragma: no-cache
                                                                                  Cache-Control: no-cache
                                                                                  Sep 5, 2024 07:30:34.689733028 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Content-Length: 8
                                                                                  Via: 1.1 google
                                                                                  Date: Wed, 04 Sep 2024 18:31:46 GMT
                                                                                  Age: 39528
                                                                                  Content-Type: text/plain
                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                  Data Ascii: success
                                                                                  Sep 5, 2024 07:30:35.074146986 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                  Host: detectportal.firefox.com
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Connection: keep-alive
                                                                                  Pragma: no-cache
                                                                                  Cache-Control: no-cache
                                                                                  Sep 5, 2024 07:30:35.173063993 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Content-Length: 8
                                                                                  Via: 1.1 google
                                                                                  Date: Wed, 04 Sep 2024 18:31:46 GMT
                                                                                  Age: 39529
                                                                                  Content-Type: text/plain
                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                  Data Ascii: success
                                                                                  Sep 5, 2024 07:30:45.187828064 CEST | 6 | OUT | Data Raw: 00
                                                                                  Data Ascii:
                                                                                  Sep 5, 2024 07:30:55.210875034 CEST | 6 | OUT | Data Raw: 00
                                                                                  Data Ascii:
                                                                                  Sep 5, 2024 07:31:00.862904072 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                  Host: detectportal.firefox.com
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Connection: keep-alive
                                                                                  Pragma: no-cache
                                                                                  Cache-Control: no-cache
                                                                                  Sep 5, 2024 07:31:01.096992970 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Content-Length: 8
                                                                                  Via: 1.1 google
                                                                                  Date: Wed, 04 Sep 2024 18:31:46 GMT
                                                                                  Age: 39555
                                                                                  Content-Type: text/plain
                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                  Data Ascii: success
                                                                                  Sep 5, 2024 07:31:01.385514021 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                  Host: detectportal.firefox.com
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Connection: keep-alive
                                                                                  Pragma: no-cache
                                                                                  Cache-Control: no-cache
                                                                                  Sep 5, 2024 07:31:01.482889891 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Content-Length: 8
                                                                                  Via: 1.1 google
                                                                                  Date: Wed, 04 Sep 2024 18:31:46 GMT
                                                                                  Age: 39555
                                                                                  Content-Type: text/plain
                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                  Data Ascii: success
                                                                                  Sep 5, 2024 07:31:11.492712975 CEST | 6 | OUT | Data Raw: 00
                                                                                  Data Ascii:
                                                                                  Sep 5, 2024 07:31:21.503753901 CEST | 6 | OUT | Data Raw: 00
                                                                                  Data Ascii:
                                                                                  Sep 5, 2024 07:31:31.519939899 CEST | 6 | OUT | Data Raw: 00
                                                                                  Data Ascii:
                                                                                  Sep 5, 2024 07:31:41.528038979 CEST | 6 | OUT | Data Raw: 00
                                                                                  Data Ascii:
                                                                                  Sep 5, 2024 07:31:51.545039892 CEST | 6 | OUT | Data Raw: 00
                                                                                  Data Ascii:


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  0 | 192.168.2.5 | 49710 | 40.71.99.188 | 443 | 8184 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  2024-09-05 05:29:57 UTC | 428 | OUT | GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1
                                                                                  Host: api.edgeoffer.microsoft.com
                                                                                  Connection: keep-alive
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                  2024-09-05 05:29:57 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                                  Content-Length: 0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-protobuf; charset=utf-8
                                                                                  Date: Thu, 05 Sep 2024 05:29:56 GMT
                                                                                  Server: Microsoft-IIS/10.0
                                                                                  Set-Cookie: ARRAffinity=2b61cec408d874c576472ee16343ea5413e09acae6c0285fbe59824567b6c09b;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com
                                                                                  Set-Cookie: ARRAffinitySameSite=2b61cec408d874c576472ee16343ea5413e09acae6c0285fbe59824567b6c09b;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com
                                                                                  Request-Context: appId=cid-v1:cfede706-9043-4d8c-a950-efefc8624cae
                                                                                  X-Powered-By: ASP.NET


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  1 | 192.168.2.5 | 49722 | 142.250.186.129 | 443 | 8184 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  2024-09-05 05:29:59 UTC | 594 | OUT | GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1
                                                                                  Host: clients2.googleusercontent.com
                                                                                  Connection: keep-alive
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                  2024-09-05 05:29:59 UTC | 566 | IN | HTTP/1.1 200 OK
                                                                                  Accept-Ranges: bytes
                                                                                  Content-Length: 135751
                                                                                  X-GUploader-UploadID: AD-8ljsqFKFfhbFwMg_8uFT16hlYBQB1SjfJlh8NfP52lz5O7peADQi3K7DZ1yaXxlqmmX11G-Y
                                                                                  X-Goog-Hash: crc32c=IDdmTg==
                                                                                  Server: UploadServer
                                                                                  Date: Wed, 04 Sep 2024 19:15:10 GMT
                                                                                  Expires: Thu, 04 Sep 2025 19:15:10 GMT
                                                                                  Cache-Control: public, max-age=31536000
                                                                                  Age: 36889
                                                                                  Last-Modified: Tue, 23 Jul 2024 15:56:28 GMT
                                                                                  ETag: 1d368626_ddaec042_86665b6c_28d780a0_b2065016
                                                                                  Content-Type: application/x-chrome-extension
                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49732 | 162.159.61.3 | 443 | 8184 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 05:30:01 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-09-05 05:30:01 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Thu, 05 Sep 2024 05:30:01 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8be3d32edd6cc33c-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49731 | 162.159.61.3 | 443 | 8184 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 05:30:01 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-09-05 05:30:01 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Thu, 05 Sep 2024 05:30:01 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8be3d32edb5343cd-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49734 | 172.64.41.3 | 443 | 8184 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 05:30:01 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-09-05 05:30:01 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Thu, 05 Sep 2024 05:30:01 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8be3d32fcad24333-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49737 | 184.28.90.27 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-09-05 05:30:02 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com
2024-09-05 05:30:02 UTC | 467 | IN | HTTP/1.1 200 OK
Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
Content-Type: application/octet-stream
ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
Last-Modified: Tue, 16 May 2017 22:58:00 GMT
Server: ECAcc (lpl/EF67)
X-CID: 11
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-weu-z1
Cache-Control: public, max-age=126938
Date: Thu, 05 Sep 2024 05:30:02 GMT
Connection: close
X-CID: 2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49738 | 13.107.246.51 | 443 | 8184 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 05:30:02 UTC | 711 | OUT | GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1
Host: edgeassetservice.azureedge.net
Connection: keep-alive
Edge-Asset-Group: EntityExtractionDomainsConfig
Sec-Mesh-Client-Edge-Version: 117.0.2045.47
Sec-Mesh-Client-Edge-Channel: stable
Sec-Mesh-Client-OS: Windows
Sec-Mesh-Client-OS-Version: 10.0.19045
Sec-Mesh-Client-Arch: x86_64
Sec-Mesh-Client-WebView: 0
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-05 05:30:02 UTC | 583 | IN | HTTP/1.1 200 OK
Date: Thu, 05 Sep 2024 05:30:02 GMT
Content-Type: application/octet-stream
Content-Length: 70207
Connection: close
Content-Encoding: gzip
Last-Modified: Fri, 02 Aug 2024 18:10:35 GMT
ETag: 0x8DCB31E67C22927
x-ms-request-id: ed2d6e16-301e-006f-0748-ffc0d3000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
x-azure-ref: 20240905T053002Z-16579567576h266g9d6dee9ff80000000c2g00000000bmgf
Cache-Control: public, max-age=604800
x-fd-int-roxy-purgeid: 69316365
X-Cache: TCP_HIT
X-Cache-Info: L1_T2
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49742 | 184.28.90.27 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-09-05 05:30:03 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
Range: bytes=0-2147483646
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com
2024-09-05 05:30:03 UTC | 515 | IN | HTTP/1.1 200 OK
ApiVersion: Distribute 1.1
Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
Content-Type: application/octet-stream
ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
Last-Modified: Tue, 16 May 2017 22:58:00 GMT
Server: ECAcc (lpl/EF06)
X-CID: 11
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-weu-z1
Cache-Control: public, max-age=126991
Date: Thu, 05 Sep 2024 05:30:03 GMT
Content-Length: 55
Connection: close
X-CID: 2
2024-09-05 05:30:03 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49748 | 142.250.176.206 | 443 | 8184 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 05:30:03 UTC | 561 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: play.google.com
Connection: keep-alive
Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Sec-Fetch-Dest: empty
Referer: https://accounts.google.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-05 05:30:03 UTC | 520 | IN | HTTP/1.1 200 OK
Access-Control-Allow-Origin: https://accounts.google.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
Content-Type: text/plain; charset=UTF-8
Date: Thu, 05 Sep 2024 05:30:03 GMT
Server: Playlog
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49749 | 142.250.176.206 | 443 | 8184 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 05:30:03 UTC | 561 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                                  Host: play.google.com
                                                                                  Connection: keep-alive
                                                                                  Accept: */*
                                                                                  Access-Control-Request-Method: POST
                                                                                  Access-Control-Request-Headers: x-goog-authuser
                                                                                  Origin: https://accounts.google.com
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                  Sec-Fetch-Mode: cors
                                                                                  Sec-Fetch-Site: same-site
                                                                                  Sec-Fetch-Dest: empty
                                                                                  Referer: https://accounts.google.com/
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-05 05:30:03 UTC | 520 | IN | HTTP/1.1 200 OK
                                                                                  Access-Control-Allow-Origin: https://accounts.google.com
                                                                                  Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                  Access-Control-Max-Age: 86400
                                                                                  Access-Control-Allow-Credentials: true
                                                                                  Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                                                  Content-Type: text/plain; charset=UTF-8
                                                                                  Date: Thu, 05 Sep 2024 05:30:03 GMT
                                                                                  Server: Playlog
                                                                                  Content-Length: 0
                                                                                  X-XSS-Protection: 0
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49747 | 142.250.80.78 | 443 | 8184 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 05:30:03 UTC | 1080 | OUT | GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-177113503&timestamp=1725514201632 HTTP/1.1
                                                                                  Host: accounts.youtube.com
                                                                                  Connection: keep-alive
                                                                                  sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"
                                                                                  sec-ch-ua-mobile: ?0
                                                                                  sec-ch-ua-full-version: "117.0.5938.132"
                                                                                  sec-ch-ua-arch: "x86"
                                                                                  sec-ch-ua-platform: "Windows"
                                                                                  sec-ch-ua-platform-version: "10.0.0"
                                                                                  sec-ch-ua-model: ""
                                                                                  sec-ch-ua-bitness: "64"
                                                                                  sec-ch-ua-wow64: ?0
                                                                                  sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"
                                                                                  Upgrade-Insecure-Requests: 1
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Sec-Fetch-Site: cross-site
                                                                                  Sec-Fetch-Mode: navigate
                                                                                  Sec-Fetch-Dest: iframe
                                                                                  Referer: https://accounts.google.com/
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-05 05:30:03 UTC | 1971 | IN | HTTP/1.1 200 OK
                                                                                  Content-Type: text/html; charset=utf-8
                                                                                  X-Frame-Options: ALLOW-FROM https://accounts.google.com
                                                                                  Content-Security-Policy: frame-ancestors https://accounts.google.com
                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-msTxg1PmtiB2rj27uUct1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self'
                                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist
                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport
                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                  Pragma: no-cache
                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                  Date: Thu, 05 Sep 2024 05:30:03 GMT
                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                  Cross-Origin-Resource-Policy: cross-origin
                                                                                  reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzjstDikmJw0JBikPj6kkkDiJ3SZ7AGAXHSv_OsRUC8JOIi66HEi6yXuy-xXgdi1Z5LrKZALMTDcbv56TY2gRu_Tj5lUtJLyi-Mz0xJzSvJLKlMyc9NzMxLzs_PzkwtLk4tKkstijcyMDIxsDAy1TOwiC8wAAA-Zy8Z"
                                                                                  Server: ESF
                                                                                  X-XSS-Protection: 0
                                                                                  X-Content-Type-Options: nosniff
                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                  Accept-Ranges: none
                                                                                  Vary: Accept-Encoding
                                                                                  Connection: close
                                                                                  Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49750 | 13.107.246.40 | 443 | 8184 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 05:30:04 UTC | 470 | OUT | GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1
                                                                                  Host: edgeassetservice.azureedge.net
                                                                                  Connection: keep-alive
                                                                                  Edge-Asset-Group: Shoreline
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-05 05:30:04 UTC | 577 | IN | HTTP/1.1 200 OK
                                                                                  Date: Thu, 05 Sep 2024 05:30:04 GMT
                                                                                  Content-Type: application/octet-stream
                                                                                  Content-Length: 306698
                                                                                  Connection: close
                                                                                  Content-Encoding: gzip
                                                                                  Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT
                                                                                  ETag: 0x8DBC9B5C40EBFF4
                                                                                  x-ms-request-id: a05cbbc2-a01e-0025-3785-fef0b4000000
                                                                                  x-ms-version: 2009-09-19
                                                                                  x-ms-lease-status: unlocked
                                                                                  x-ms-blob-type: BlockBlob
                                                                                  x-azure-ref: 20240905T053004Z-165795675762gt5gbs4b9bazh80000000brg00000000813b
                                                                                  Cache-Control: public, max-age=604800
                                                                                  x-fd-int-roxy-purgeid: 0
                                                                                  X-Cache-Info: L1_T2
                                                                                  X-Cache: TCP_HIT
                                                                                  Accept-Ranges: bytes
                                                                                  Data Ascii: {M1eIwyfr;Tt5S};PtEr~*uVOLC=A{5__p*tHt|B8peG![Xb!la2^ }9(\m!Lp.!2@7Ge_cZ-YEag-ag%=O(U)j]!*~E^l\
                                                                                  2024-09-05 05:30:04 UTC16384INData Raw: b4 4f 20 01 c9 6e d7 8b d6 eb 26 ee 09 6d 06 c3 c0 20 42 f6 62 01 a8 b8 2e 41 68 d5 3e af 78 77 09 5e a1 a8 7e 3d bf 65 90 da ff 6d 58 c3 e3 86 29 f6 22 00 98 2a 9c 68 97 65 63 ac 5c ad 09 2b 23 82 8f 3f 2b 34 4c 1f 01 76 0d 06 ed 44 0f a9 a0 b1 63 30 c2 0d f2 ad 15 f9 9d a6 73 4a 64 c6 38 b2 91 d1 0a 38 ec f1 61 a5 51 a1 65 d6 96 da 34 5b b9 be df 70 92 06 98 c1 37 67 b8 7a fd 34 cd 5e 44 c0 aa b0 27 6e 0c f2 e2 f9 5e 7c 0a 17 b4 b4 16 73 66 52 b2 05 40 56 84 20 c3 90 88 0a 5a 8e f1 3d 96 59 b7 5f a7 63 31 3c 17 3a a9 04 30 4b 80 0e 09 8b 60 e1 5d df da 55 e1 6d 20 56 de 3a 5a 4e 4e 36 25 71 5c 12 7e f1 93 97 31 94 a1 29 89 f2 0a 40 a9 02 bf 55 03 2f 98 74 5f 78 73 cb c5 29 4c e9 ad ef d3 e0 e9 ec 15 b9 9a 03 cf 91 db 7e f5 f0 08 3e bd 4a a1 b3 a7 63 d1
                                                                                  Data Ascii: O n&m Bb.Ah>xw^~=emX)"*hec\+#?+4LvDc0sJd88aQe4[p7gz4^D'n^|sfR@V Z=Y_c1<:0K`]Um V:ZNN6%q\~1)@U/t_xs)L~>Jc
                                                                                  2024-09-05 05:30:04 UTC16384INData Raw: e6 2c b7 a9 5c 69 a3 75 af d9 ba f6 11 ea 58 64 70 1a 03 5a 75 5c b5 f2 6d d4 e3 16 ed 7d 0a 76 94 c1 8e a7 30 9e 08 64 07 27 9d 18 c0 52 7d e4 67 ff 5d dd ba 83 b1 dc 5d 98 95 9f fd f7 4f 5a 26 c7 8a 7a a4 2b 67 ea ac d1 ee 4b f3 ee 5b 7c 55 87 5f ce 64 5a d1 d6 85 f4 9d 84 43 1d a5 d1 4e 33 c2 52 b6 ac ef d9 7f de 15 61 44 a2 b6 4f fe 03 39 27 95 29 d1 71 16 47 ff 7e 40 2f ff 09 6e 49 c5 ba 2c 58 72 fd b4 fc 2b 2f d4 a3 80 7f e2 4e fd ca 3b f8 f4 09 87 9a 38 33 24 7f 45 a2 7e d3 4f 4e 87 8c cb 8b 02 7f df 7f ff 57 75 a1 22 3d 51 a9 78 41 7d 1b c5 f8 9b d0 7f 72 fc 7d ff 85 6a 70 ab 5e dc aa 41 ca 56 bd b0 55 00 76 02 c7 a0 ea 57 7d b2 c3 fb 0a b5 58 bd 1f ab f6 63 d5 ec bd 82 b3 c7 5f d5 89 ed 15 3f f6 0a e5 7d 86 bf 7b f2 4f 82 f3 1a ea 09 06 a9 c9 03
                                                                                  Data Ascii: ,\iuXdpZu\m}v0d'R}g]]OZ&z+gK[|U_dZCN3RaDO9')qG~@/nI,Xr+/N;83$E~ONWu"=QxA}r}jp^AVUvW}Xc_?}{O
                                                                                  2024-09-05 05:30:04 UTC16384INData Raw: 34 82 9b a9 e1 c3 b1 e1 46 87 99 95 55 9a b4 be 3b 59 b1 6b f9 9e 4a 6a 38 c3 9d 71 93 60 68 53 6d 70 93 f4 d8 cb 92 d6 1c 64 0c 55 29 d1 f7 86 61 3a 23 da d5 06 e4 b2 85 18 31 bb 0e 46 71 38 52 33 8f 24 f5 9e 43 1a 6d 32 5a be 90 91 0a d3 47 69 32 eb 74 ec 30 03 b3 0a 2f 45 60 14 c3 56 8c 9b d3 2c f6 4c cc 87 6e 54 d0 da 28 ed 5d 8d 3a 4d 4a aa f1 2e 74 2f 9f 56 e9 a4 49 86 4c 15 33 4f 70 79 ad 9c 27 57 fe 5f f1 b5 af dc 2b a5 7e 6a ff d6 06 bc 0c 5d f6 df fe e1 b9 f2 44 21 e0 ef 42 ef 50 c9 9d 6d c4 b7 e0 a2 c1 1c b4 2f 36 29 c7 0d cd c5 5f 01 b2 80 f3 b0 10 3b 89 01 c5 9d d8 7c 07 2e 18 db 27 d6 4f f2 63 9c b0 f6 f2 ae c9 8b 6c b2 c4 37 76 c1 ad 55 68 26 ab 9f 6e 0d f6 97 8b d0 7b ae f0 47 ed 5d 9f e5 af 8e d0 8d 25 c1 76 f1 dc 48 82 c0 c8 4e c8 12 40
                                                                                  Data Ascii: 4FU;YkJj8q`hSmpdU)a:#1Fq8R3$Cm2ZGi2t0/E`V,LnT(]:MJ.t/VIL3Opy'W_+~j]D!BPm/6)_;|.'Ocl7vUh&n{G]%vHN@
                                                                                  2024-09-05 05:30:04 UTC16384INData Raw: 14 85 b6 9f 56 47 3e e9 1b d3 5f a5 ac 50 c3 87 e4 2f 7d 48 49 98 d9 64 0e 08 ef 71 ff 50 b9 f3 86 37 4a 22 88 52 55 4a 91 92 53 0e 3c c2 3f 65 33 a3 28 fd 5a 9a 2e 91 76 ec f5 34 94 dc 1a 84 a2 be c1 0e 7a 8b 67 39 3e 58 c7 23 2c 7e 30 2a a9 04 8f 00 e5 ea b9 90 8e 19 22 31 4f 88 ac 1a 1f 76 bd 44 ab b4 23 ff 6a 0e 16 d3 4b 19 b1 5f 46 1a 8c 28 02 0b 82 4d 75 9f bc a7 ab d3 c0 ac 12 2c 1a e1 ca 61 62 a5 73 bf 90 ea 26 30 cc b6 60 ae a5 03 4b 60 ea 7c b9 bf 27 e4 0d 14 35 5a 3a 2d d3 09 b2 1d da a4 23 ee 1b c6 42 eb 6f 46 58 98 31 2d 33 81 d2 c7 b9 ea 4a e4 45 53 f8 1b 85 d6 9a f9 1c dd e5 4a cf 08 96 59 af e8 ce 28 b3 02 0e 0d ee 14 62 4a 58 2a 40 44 d3 12 5b 39 93 33 26 50 17 82 cc e2 88 1a 71 ab dd fe 3c 12 6a 79 40 5e 32 8d a6 25 53 15 5e 3f 60 3e a6
                                                                                  Data Ascii: VG>_P/}HIdqP7J"RUJS<?e3(Z.v4zg9>X#,~0*"1OvD#jK_F(Mu,abs&0`K`|'5Z:-#BoFX1-3JESJY(bJX*@D[93&Pq<jy@^2%S^?`>


                                                                                  Session ID   Source IP   Source Port   Destination IP   Destination Port   PID   Process
                                                                                  12   192.168.2.5   49754   152.195.19.97   443   8184   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  Timestamp   Bytes transferred   Direction   Data
                                                                                  2024-09-05 05:30:04 UTC   612   OUT   GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1726118998&P2=404&P3=2&P4=eLDtVxmfG1Q64N1BD3nyCCMmDkB4nBBSE6BOA7YMzXRdneEco8ojkqMX3gy7Jp4GGpHC27OsTdKCuCYOJ7LLJA%3d%3d HTTP/1.1
                                                                                  Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                                                                                  Connection: keep-alive
                                                                                  MS-CV: Fgp+FIPJav5XMirZw9vb0z
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                  2024-09-05 05:30:04 UTC   632   IN   HTTP/1.1 200 OK
                                                                                  Accept-Ranges: bytes
                                                                                  Age: 5440735
                                                                                  Cache-Control: public, max-age=17280000
                                                                                  Content-Type: application/x-chrome-extension
                                                                                  Date: Thu, 05 Sep 2024 05:30:04 GMT
                                                                                  Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8="
                                                                                  Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT
                                                                                  MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31
                                                                                  MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0
                                                                                  MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4
                                                                                  Server: ECAcc (nyd/D11E)
                                                                                  X-AspNet-Version: 4.0.30319
                                                                                  X-AspNetMvc-Version: 5.3
                                                                                  X-Cache: HIT
                                                                                  X-CCC: US
                                                                                  X-CID: 11
                                                                                  X-Powered-By: ASP.NET
                                                                                  X-Powered-By: ARR/3.0
                                                                                  X-Powered-By: ASP.NET
                                                                                  Content-Length: 11185
                                                                                  Connection: close


                                                                                  Session ID   Source IP   Source Port   Destination IP   Destination Port   PID   Process
                                                                                  13   192.168.2.5   49757   13.107.246.40   443   8184   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  Timestamp   Bytes transferred   Direction   Data
                                                                                  2024-09-05 05:30:05 UTC   438   OUT   GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1
                                                                                  Host: edgeassetservice.azureedge.net
                                                                                  Connection: keep-alive
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                  2024-09-05 05:30:05 UTC   543   IN   HTTP/1.1 200 OK
                                                                                  Date: Thu, 05 Sep 2024 05:30:05 GMT
                                                                                  Content-Type: image/png
                                                                                  Content-Length: 1579
                                                                                  Connection: close
                                                                                  Last-Modified: Fri, 03 Nov 2023 21:43:08 GMT
                                                                                  ETag: 0x8DBDCB5DE99522A
                                                                                  x-ms-request-id: ad365aed-b01e-003a-593a-ff2ba4000000
                                                                                  x-ms-version: 2009-09-19
                                                                                  x-ms-lease-status: unlocked
                                                                                  x-ms-blob-type: BlockBlob
                                                                                  x-azure-ref: 20240905T053005Z-16579567576h266g9d6dee9ff80000000c0000000000ks3t
                                                                                  Cache-Control: public, max-age=604800
                                                                                  x-fd-int-roxy-purgeid: 69316365
                                                                                  X-Cache: TCP_HIT
                                                                                  X-Cache-Info: L1_T2
                                                                                  Accept-Ranges: bytes


                                                                                  Session ID   Source IP   Source Port   Destination IP   Destination Port   PID   Process
                                                                                  14   192.168.2.5   49758   142.250.65.196   443   8184   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  Timestamp   Bytes transferred   Direction   Data
                                                                                  2024-09-05 05:30:05 UTC   1070   OUT   GET /favicon.ico HTTP/1.1
                                                                                  Host: www.google.com
                                                                                  Connection: keep-alive
                                                                                  sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"
                                                                                  sec-ch-ua-mobile: ?0
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                  sec-ch-ua-arch: "x86"
                                                                                  sec-ch-ua-full-version: "117.0.5938.132"
                                                                                  sec-ch-ua-platform-version: "10.0.0"
                                                                                  sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"
                                                                                  sec-ch-ua-bitness: "64"
                                                                                  sec-ch-ua-model: ""
                                                                                  sec-ch-ua-wow64: ?0
                                                                                  sec-ch-ua-platform: "Windows"
                                                                                  Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                  Sec-Fetch-Site: same-site
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: image
                                                                                  Referer: https://accounts.google.com/
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                  Cookie: NID=517=OOQmkBGkOU0r5eyCPs_Z5MljZ5QUYSxRCCszJEgsOrbtqKRWW7490iA6aKew1GjCaEew6AgaPRr9U5O7Jd_7lRkeqDp78ST6ktgycCYlp8Hki9A5IQct5IhLB2_cz3FrrJBb1e5ZwkeEX8GtxqR6st-t7v7lR4r3Ptg4afIuucU
                                                                                  2024-09-05 05:30:05 UTC   704   IN   HTTP/1.1 200 OK
                                                                                  Accept-Ranges: bytes
                                                                                  Cross-Origin-Resource-Policy: cross-origin
                                                                                  Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                                                  Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                                                  Content-Length: 5430
                                                                                  X-Content-Type-Options: nosniff
                                                                                  Server: sffe
                                                                                  X-XSS-Protection: 0
                                                                                  Date: Thu, 05 Sep 2024 05:18:04 GMT
                                                                                  Expires: Fri, 13 Sep 2024 05:18:04 GMT
                                                                                  Cache-Control: public, max-age=691200
                                                                                  Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                                                  Content-Type: image/x-icon
                                                                                  Vary: Accept-Encoding
                                                                                  Age: 721
                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                  Connection: close


                                                                                  Session ID   Source IP   Source Port   Destination IP   Destination Port   PID   Process
                                                                                  15   192.168.2.5   49761   13.107.246.40   443   8184   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  Timestamp   Bytes transferred   Direction   Data
                                                                                  2024-09-05 05:30:05 UTC   431   OUT   GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1
                                                                                  Host: edgeassetservice.azureedge.net
                                                                                  Connection: keep-alive
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                  2024-09-05 05:30:05 UTC   536   IN   HTTP/1.1 200 OK
                                                                                  Date: Thu, 05 Sep 2024 05:30:05 GMT
                                                                                  Content-Type: image/png
                                                                                  Content-Length: 1966
                                                                                  Connection: close
                                                                                  Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT
                                                                                  ETag: 0x8DBDCB5EC122A94
                                                                                  x-ms-request-id: 25350ece-301e-002b-08d4-fa1cbf000000
                                                                                  x-ms-version: 2009-09-19
                                                                                  x-ms-lease-status: unlocked
                                                                                  x-ms-blob-type: BlockBlob
                                                                                  x-azure-ref: 20240905T053005Z-16579567576kv75wmks9m65qec0000000c1000000000g033
                                                                                  Cache-Control: public, max-age=604800
                                                                                  x-fd-int-roxy-purgeid: 0
                                                                                  X-Cache-Info: L1_T2
                                                                                  X-Cache: TCP_HIT
                                                                                  Accept-Ranges: bytes


                                                                                  Session ID   Source IP   Source Port   Destination IP   Destination Port   PID   Process
                                                                                  16   192.168.2.5   49760   13.107.246.40   443   8184   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  Timestamp   Bytes transferred   Direction   Data
                                                                                  2024-09-05 05:30:05 UTC   433   OUT   GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1
                                                                                  Host: edgeassetservice.azureedge.net
                                                                                  Connection: keep-alive
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                  2024-09-05 05:30:05 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                                  Date: Thu, 05 Sep 2024 05:30:05 GMT
                                                                                  Content-Type: image/png
                                                                                  Content-Length: 1751
                                                                                  Connection: close
                                                                                  Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT
                                                                                  ETag: 0x8DBCEA8D5AACC85
                                                                                  x-ms-request-id: 1e6d2d82-a01e-0061-7c30-fe2cd8000000
                                                                                  x-ms-version: 2009-09-19
                                                                                  x-ms-lease-status: unlocked
                                                                                  x-ms-blob-type: BlockBlob
                                                                                  x-azure-ref: 20240905T053005Z-16579567576s4v5z9ks8mdk6fw0000000btg00000000gpqu
                                                                                  Cache-Control: public, max-age=604800
                                                                                  x-fd-int-roxy-purgeid: 0
                                                                                  X-Cache-Info: L1_T2
                                                                                  X-Cache: TCP_HIT
                                                                                  Accept-Ranges: bytes


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  17 | 192.168.2.5 | 49759 | 13.107.246.40 | 443 | 8184 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  2024-09-05 05:30:05 UTC | 433 | OUT | GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1
                                                                                  Host: edgeassetservice.azureedge.net
                                                                                  Connection: keep-alive
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                  2024-09-05 05:30:05 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                                  Date: Thu, 05 Sep 2024 05:30:05 GMT
                                                                                  Content-Type: image/png
                                                                                  Content-Length: 1427
                                                                                  Connection: close
                                                                                  Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT
                                                                                  ETag: 0x8DBDCB5EF021F8E
                                                                                  x-ms-request-id: 493a985f-801e-0076-6330-feecbb000000
                                                                                  x-ms-version: 2009-09-19
                                                                                  x-ms-lease-status: unlocked
                                                                                  x-ms-blob-type: BlockBlob
                                                                                  x-azure-ref: 20240905T053005Z-16579567576rhxz5kgqdm3tfq00000000bzg00000000cef6
                                                                                  Cache-Control: public, max-age=604800
                                                                                  x-fd-int-roxy-purgeid: 0
                                                                                  X-Cache-Info: L1_T2
                                                                                  X-Cache: TCP_HIT
                                                                                  Accept-Ranges: bytes


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  18 | 192.168.2.5 | 49762 | 13.107.246.40 | 443 | 8184 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  2024-09-05 05:30:05 UTC | 430 | OUT | GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1
                                                                                  Host: edgeassetservice.azureedge.net
                                                                                  Connection: keep-alive
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                  2024-09-05 05:30:06 UTC | 523 | IN | HTTP/1.1 200 OK
                                                                                  Date: Thu, 05 Sep 2024 05:30:06 GMT
                                                                                  Content-Type: image/png
                                                                                  Content-Length: 2008
                                                                                  Connection: close
                                                                                  Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT
                                                                                  ETag: 0x8DBC9B5C0C17219
                                                                                  x-ms-request-id: 99f39b71-d01e-004c-0354-ffaf18000000
                                                                                  x-ms-version: 2009-09-19
                                                                                  x-ms-lease-status: unlocked
                                                                                  x-ms-blob-type: BlockBlob
                                                                                  x-azure-ref: 20240905T053005Z-16579567576vmrmh31x74mnmgs00000003p000000000a52q
                                                                                  Cache-Control: public, max-age=604800
                                                                                  x-fd-int-roxy-purgeid: 69316365
                                                                                  X-Cache: TCP_MISS
                                                                                  Accept-Ranges: bytes


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  19 | 192.168.2.5 | 49763 | 13.107.246.40 | 443 | 8184 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  2024-09-05 05:30:05 UTC | 422 | OUT | GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1
                                                                                  Host: edgeassetservice.azureedge.net
                                                                                  Connection: keep-alive
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                  2024-09-05 05:30:05 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                                  Date: Thu, 05 Sep 2024 05:30:05 GMT
                                                                                  Content-Type: image/png
                                                                                  Content-Length: 2229
                                                                                  Connection: close
                                                                                  Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT
                                                                                  ETag: 0x8DBD59359A9E77B
                                                                                  x-ms-request-id: 453f1ddb-801e-005f-6ffe-fa9af9000000
                                                                                  x-ms-version: 2009-09-19
                                                                                  x-ms-lease-status: unlocked
                                                                                  x-ms-blob-type: BlockBlob
                                                                                  x-azure-ref: 20240905T053005Z-16579567576pgh4h94c7qn0kuc0000000bug00000000hu2t
                                                                                  Cache-Control: public, max-age=604800
                                                                                  x-fd-int-roxy-purgeid: 0
                                                                                  X-Cache-Info: L1_T2
                                                                                  X-Cache: TCP_HIT
                                                                                  Accept-Ranges: bytes


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  20 | 192.168.2.5 | 49767 | 13.107.246.40 | 443 | 8184 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  2024-09-05 05:30:06 UTC | 425 | OUT | GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1
                                                                                  Host: edgeassetservice.azureedge.net
                                                                                  Connection: keep-alive
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                  2024-09-05 05:30:06 UTC | 543 | IN | HTTP/1.1 200 OK
                                                                                  Date: Thu, 05 Sep 2024 05:30:06 GMT
                                                                                  Content-Type: image/png
                                                                                  Content-Length: 1154
                                                                                  Connection: close
                                                                                  Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT
                                                                                  ETag: 0x8DBD5935D5B3965
                                                                                  x-ms-request-id: d980f417-701e-004a-5a07-ff5860000000
                                                                                  x-ms-version: 2009-09-19
                                                                                  x-ms-lease-status: unlocked
                                                                                  x-ms-blob-type: BlockBlob
                                                                                  x-azure-ref: 20240905T053006Z-165795675762gt5gbs4b9bazh80000000br0000000009h1q
                                                                                  Cache-Control: public, max-age=604800
                                                                                  x-fd-int-roxy-purgeid: 69316365
                                                                                  X-Cache: TCP_HIT
                                                                                  X-Cache-Info: L1_T2
                                                                                  Accept-Ranges: bytes


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  21 | 192.168.2.5 | 49768 | 13.107.246.40 | 443 | 8184 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  2024-09-05 05:30:06 UTC | 431 | OUT | GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1
                                                                                  Host: edgeassetservice.azureedge.net
                                                                                  Connection: keep-alive
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                  2024-09-05 05:30:06 UTC | 543 | IN | HTTP/1.1 200 OK
                                                                                  Date: Thu, 05 Sep 2024 05:30:06 GMT
                                                                                  Content-Type: image/png
                                                                                  Content-Length: 1468
                                                                                  Connection: close
                                                                                  Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT
                                                                                  ETag: 0x8DBDCB5E23DFC43
                                                                                  x-ms-request-id: f8a0931b-601e-0038-3afc-fe295e000000
                                                                                  x-ms-version: 2009-09-19
                                                                                  x-ms-lease-status: unlocked
                                                                                  x-ms-blob-type: BlockBlob
                                                                                  x-azure-ref: 20240905T053006Z-16579567576l8zffr7mt4xy2un0000000bhg00000000eene
                                                                                  Cache-Control: public, max-age=604800
                                                                                  x-fd-int-roxy-purgeid: 69316365
                                                                                  X-Cache: TCP_HIT
                                                                                  X-Cache-Info: L1_T2
                                                                                  Accept-Ranges: bytes


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  22 | 192.168.2.5 | 49769 | 13.107.246.40 | 443 | 8184 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  2024-09-05 05:30:06 UTC | 478 | OUT | GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1
                                                                                  Host: edgeassetservice.azureedge.net
                                                                                  Connection: keep-alive
                                                                                  Edge-Asset-Group: ProductCategories
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                  2024-09-05 05:30:06 UTC | 559 | IN | HTTP/1.1 200 OK
                                                                                  Date: Thu, 05 Sep 2024 05:30:06 GMT
                                                                                  Content-Type: application/octet-stream
                                                                                  Content-Length: 82989
                                                                                  Connection: close
                                                                                  Last-Modified: Thu, 25 May 2023 20:28:02 GMT
                                                                                  ETag: 0x8DB5D5E89CE25EB
                                                                                  x-ms-request-id: 6fdf05a2-e01e-000b-5f3a-ff7073000000
                                                                                  x-ms-version: 2009-09-19
                                                                                  x-ms-lease-status: unlocked
                                                                                  x-ms-blob-type: BlockBlob
                                                                                  x-azure-ref: 20240905T053006Z-16579567576w5bqfyu10zdac7g0000000brg000000007q53
                                                                                  Cache-Control: public, max-age=604800
                                                                                  x-fd-int-roxy-purgeid: 69316365
                                                                                  X-Cache: TCP_HIT
                                                                                  X-Cache-Info: L1_T2
                                                                                  Accept-Ranges: bytes


                                                                                  Session ID:23
                                                                                  Source IP:192.168.2.5
                                                                                  Source Port:49771
                                                                                  Destination IP:13.85.23.86
                                                                                  Destination Port:443

                                                                                  Timestamp:2024-09-05 05:30:11 UTC
                                                                                  Bytes transferred:306
                                                                                  Direction:OUT
                                                                                  Data:
                                                                                  GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=pXv2DxRdKyLrMnt&MD=+Dl1oAV+ HTTP/1.1
                                                                                  Connection: Keep-Alive
                                                                                  Accept: */*
                                                                                  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                  Host: slscr.update.microsoft.com
                                                                                  Timestamp:2024-09-05 05:30:11 UTC
                                                                                  Bytes transferred:560
                                                                                  Direction:IN
                                                                                  Data:
                                                                                  HTTP/1.1 200 OK
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  Content-Type: application/octet-stream
                                                                                  Expires: -1
                                                                                  Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                  ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                  MS-CorrelationId: dffec701-6feb-4682-af0c-5ff64e7fc2e3
                                                                                  MS-RequestId: a636f4c1-d305-48bd-8e75-c9d6be54aa69
                                                                                  MS-CV: D+NcjAeSoUqNoOeP.0
                                                                                  X-Microsoft-SLSClientCache: 2880
                                                                                  Content-Disposition: attachment; filename=environment.cab
                                                                                  X-Content-Type-Options: nosniff
                                                                                  Date: Thu, 05 Sep 2024 05:30:11 GMT
                                                                                  Connection: close
                                                                                  Content-Length: 24490


                                                                                  Session ID:24
                                                                                  Source IP:192.168.2.5
                                                                                  Source Port:49789
                                                                                  Destination IP:13.85.23.86
                                                                                  Destination Port:443

                                                                                  Timestamp:2024-09-05 05:30:49 UTC
                                                                                  Bytes transferred:306
                                                                                  Direction:OUT
                                                                                  Data:
                                                                                  GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=pXv2DxRdKyLrMnt&MD=+Dl1oAV+ HTTP/1.1
                                                                                  Connection: Keep-Alive
                                                                                  Accept: */*
                                                                                  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                  Host: slscr.update.microsoft.com
                                                                                  Timestamp:2024-09-05 05:30:50 UTC
                                                                                  Bytes transferred:560
                                                                                  Direction:IN
                                                                                  Data:
                                                                                  HTTP/1.1 200 OK
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  Content-Type: application/octet-stream
                                                                                  Expires: -1
                                                                                  Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                  ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                                  MS-CorrelationId: 8aee89d8-b54c-4d4a-be10-10ee7042c9d8
                                                                                  MS-RequestId: 218df6ca-87b8-4b5e-8295-2a3c3f996cb3
                                                                                  MS-CV: In91fZcmvk2R+KbV.0
                                                                                  X-Microsoft-SLSClientCache: 1440
                                                                                  Content-Disposition: attachment; filename=environment.cab
                                                                                  X-Content-Type-Options: nosniff
                                                                                  Date: Thu, 05 Sep 2024 05:30:49 GMT
                                                                                  Connection: close
                                                                                  Content-Length: 30005


                                                                                  Session ID:25
                                                                                  Source IP:192.168.2.5
                                                                                  Source Port:49791
                                                                                  Destination IP:23.200.0.9
                                                                                  Destination Port:443
                                                                                  PID:8184
                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

                                                                                  Timestamp:2024-09-05 05:30:58 UTC
                                                                                  Bytes transferred:442
                                                                                  Direction:OUT
                                                                                  Data:
                                                                                  OPTIONS /api/report?cat=bingbusiness HTTP/1.1
                                                                                  Host: bzib.nelreports.net
                                                                                  Connection: keep-alive
                                                                                  Origin: https://business.bing.com
                                                                                  Access-Control-Request-Method: POST
                                                                                  Access-Control-Request-Headers: content-type
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                  Timestamp:2024-09-05 05:30:58 UTC
                                                                                  Bytes transferred:332
                                                                                  Direction:IN
                                                                                  Data:
                                                                                  HTTP/1.1 429 Too Many Requests
                                                                                  Content-Length: 0
                                                                                  Date: Thu, 05 Sep 2024 05:30:58 GMT
                                                                                  Connection: close
                                                                                  PMUSER_FORMAT_QS:
                                                                                  X-CDN-TraceId: 0.09ac2d17.1725514258.22bf423a
                                                                                  Access-Control-Allow-Credentials: false
                                                                                  Access-Control-Allow-Methods: *
                                                                                  Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                                                  Access-Control-Allow-Origin: *


                                                                                  Target ID:0
                                                                                  Start time:01:29:51
                                                                                  Start date:05/09/2024
                                                                                  Path:C:\Users\user\Desktop\file.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                  Imagebase:0xa80000
                                                                                  File size:917'504 bytes
                                                                                  MD5 hash:B4A9996EC8D5882C8F42789EF25E16DB
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:low
                                                                                  Has exited:true

                                                                                  Target ID:1
                                                                                  Start time:01:29:51
                                                                                  Start date:05/09/2024
                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                                  Imagebase:0x7ff6c1cf0000
                                                                                  File size:4'210'216 bytes
                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:moderate
                                                                                  Has exited:true

                                                                                  Target ID:2
                                                                                  Start time:01:29:51
                                                                                  Start date:05/09/2024
                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                                  Imagebase:0x7ff79f9e0000
                                                                                  File size:676'768 bytes
                                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:4
                                                                                  Start time:01:29:52
                                                                                  Start date:05/09/2024
                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
                                                                                  Imagebase:0x7ff79f9e0000
                                                                                  File size:676'768 bytes
                                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:6
                                                                                  Start time:01:29:52
                                                                                  Start date:05/09/2024
                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                                  Imagebase:0x7ff79f9e0000
                                                                                  File size:676'768 bytes
                                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:false

                                                                                  Target ID:7
                                                                                  Start time:01:29:52
                                                                                  Start date:05/09/2024
                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=2116,i,5697632899249799717,866239524462977966,262144 /prefetch:3
                                                                                  Imagebase:0x7ff6c1cf0000
                                                                                  File size:4'210'216 bytes
                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:moderate
                                                                                  Has exited:true

                                                                                  Target ID:8
                                                                                  Start time:01:29:53
                                                                                  Start date:05/09/2024
                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                                  Imagebase:0x7ff6c1cf0000
                                                                                  File size:4'210'216 bytes
                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:moderate
                                                                                  Has exited:false

                                                                                  Target ID:9
                                                                                  Start time:01:29:54
                                                                                  Start date:05/09/2024
                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2788 --field-trial-handle=2180,i,1321310978485618246,11663088203499436801,262144 /prefetch:3
                                                                                  Imagebase:0x7ff6c1cf0000
                                                                                  File size:4'210'216 bytes
                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:moderate
                                                                                  Has exited:false

                                                                                  Target ID:12
                                                                                  Start time:01:29:57
                                                                                  Start date:05/09/2024
                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2272 -parentBuildID 20230927232528 -prefsHandle 2212 -prefMapHandle 2204 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16868626-3d9f-465a-aaa9-6931ccbc0913} 7556 "\\.\pipe\gecko-crash-server-pipe.7556" 1ddb6a71110 socket
                                                                                  Imagebase:0x7ff79f9e0000
                                                                                  File size:676'768 bytes
                                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:false

                                                                                  Target ID:13
                                                                                  Start time:01:29:57
                                                                                  Start date:05/09/2024
                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6584 --field-trial-handle=2180,i,1321310978485618246,11663088203499436801,262144 /prefetch:8
                                                                                  Imagebase:0x7ff6c1cf0000
                                                                                  File size:4'210'216 bytes
                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:moderate
                                                                                  Has exited:true

                                                                                  Target ID:14
                                                                                  Start time:01:29:58
                                                                                  Start date:05/09/2024
                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6676 --field-trial-handle=2180,i,1321310978485618246,11663088203499436801,262144 /prefetch:8
                                                                                  Imagebase:0x7ff6c1cf0000
                                                                                  File size:4'210'216 bytes
                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:moderate
                                                                                  Has exited:true

                                                                                  Target ID:15
                                                                                  Start time:01:30:00
                                                                                  Start date:05/09/2024
                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4212 -parentBuildID 20230927232528 -prefsHandle 4580 -prefMapHandle 4576 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ad1efa2-3999-46d3-ace3-54c6a65f0c8c} 7556 "\\.\pipe\gecko-crash-server-pipe.7556" 1ddc96ebd10 rdd
                                                                                  Imagebase:0x7ff79f9e0000
                                                                                  File size:676'768 bytes
                                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:false

                                                                                  Target ID:16
                                                                                  Start time:01:30:02
                                                                                  Start date:05/09/2024
                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7000 --field-trial-handle=2180,i,1321310978485618246,11663088203499436801,262144 /prefetch:8
                                                                                  Imagebase:0x7ff6c1cf0000
                                                                                  File size:4'210'216 bytes
                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:moderate
                                                                                  Has exited:false

                                                                                  Target ID:17
                                                                                  Start time:01:30:02
                                                                                  Start date:05/09/2024
                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7528 --field-trial-handle=2180,i,1321310978485618246,11663088203499436801,262144 /prefetch:8
                                                                                  Imagebase:0x7ff6c1cf0000
                                                                                  File size:4'210'216 bytes
                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  Target ID:18
                                                                                  Start time:01:30:03
                                                                                  Start date:05/09/2024
                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7336 --field-trial-handle=2180,i,1321310978485618246,11663088203499436801,262144 /prefetch:8
                                                                                  Imagebase:0x7ff6c1cf0000
                                                                                  File size:4'210'216 bytes
                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  Target ID:21
                                                                                  Start time:01:30:53
                                                                                  Start date:05/09/2024
                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5504 --field-trial-handle=2180,i,1321310978485618246,11663088203499436801,262144 /prefetch:8
                                                                                  Imagebase:0x7ff6c1cf0000
                                                                                  File size:4'210'216 bytes
                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:false


                                                                                    Execution Graph

                                                                                    Execution Coverage:1.8%
                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                    Signature Coverage:4.7%
                                                                                    Total number of Nodes:1413
                                                                                    Total number of Limit Nodes:44
aae6ee LeaveCriticalSection __fread_nolock 96631->96654 96633->96589 96634->96610 96635->96629 96637 aae60f 96636->96637 96638 aae624 96636->96638 96687 aaf2d9 20 API calls _abort 96637->96687 96642 aae61f 96638->96642 96655 aadc0b 96638->96655 96641 aae614 96688 ab27ec 26 API calls _abort 96641->96688 96642->96631 96648 aae646 96672 ab862f 96648->96672 96651 ab29c8 _free 20 API calls 96651->96642 96652->96626 96653->96633 96654->96633 96656 aadc1f 96655->96656 96657 aadc23 96655->96657 96661 ab4d7a 96656->96661 96657->96656 96658 aad955 __fread_nolock 26 API calls 96657->96658 96659 aadc43 96658->96659 96689 ab59be 62 API calls 4 library calls 96659->96689 96662 ab4d90 96661->96662 96664 aae640 96661->96664 96663 ab29c8 _free 20 API calls 96662->96663 96662->96664 96663->96664 96665 aad955 96664->96665 96666 aad961 96665->96666 96667 aad976 96665->96667 96690 aaf2d9 20 API calls _abort 96666->96690 96667->96648 96669 aad966 96691 ab27ec 26 API calls _abort 96669->96691 96671 aad971 96671->96648 96673 ab863e 96672->96673 96676 ab8653 96672->96676 96695 aaf2c6 20 API calls _abort 96673->96695 96674 ab868e 96697 aaf2c6 20 API calls _abort 96674->96697 96676->96674 96680 ab867a 96676->96680 96678 ab8643 96696 aaf2d9 20 API calls _abort 96678->96696 96692 ab8607 96680->96692 96681 ab8693 96698 aaf2d9 20 API calls _abort 96681->96698 96684 aae64c 96684->96642 96684->96651 96685 ab869b 96699 ab27ec 26 API calls _abort 96685->96699 96687->96641 96688->96642 96689->96656 96690->96669 96691->96671 96700 ab8585 96692->96700 96694 ab862b 96694->96684 96695->96678 96696->96684 96697->96681 96698->96685 96699->96684 96701 ab8591 ___BuildCatchObject 96700->96701 96711 ab5147 EnterCriticalSection 96701->96711 96703 ab859f 96704 ab85d1 96703->96704 96705 ab85c6 96703->96705 96712 aaf2d9 20 API calls _abort 96704->96712 96707 ab86ae __wsopen_s 29 API calls 96705->96707 96708 ab85cc 96707->96708 96713 ab85fb LeaveCriticalSection __wsopen_s 96708->96713 96710 ab85ee __wsopen_s 
96710->96694 96711->96703 96712->96708 96713->96710 96714 a81044 96719 a810f3 96714->96719 96716 a8104a 96755 aa00a3 29 API calls __onexit 96716->96755 96718 a81054 96756 a81398 96719->96756 96723 a8116a 96724 a8a961 22 API calls 96723->96724 96725 a81174 96724->96725 96726 a8a961 22 API calls 96725->96726 96727 a8117e 96726->96727 96728 a8a961 22 API calls 96727->96728 96729 a81188 96728->96729 96730 a8a961 22 API calls 96729->96730 96731 a811c6 96730->96731 96732 a8a961 22 API calls 96731->96732 96733 a81292 96732->96733 96766 a8171c 96733->96766 96737 a812c4 96738 a8a961 22 API calls 96737->96738 96739 a812ce 96738->96739 96787 a91940 96739->96787 96741 a812f9 96797 a81aab 96741->96797 96743 a81315 96744 a81325 GetStdHandle 96743->96744 96745 a8137a 96744->96745 96746 ac2485 96744->96746 96749 a81387 OleInitialize 96745->96749 96746->96745 96747 ac248e 96746->96747 96748 a9fddb 22 API calls 96747->96748 96750 ac2495 96748->96750 96749->96716 96804 af011d InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 96750->96804 96752 ac249e 96805 af0944 CreateThread 96752->96805 96754 ac24aa CloseHandle 96754->96745 96755->96718 96806 a813f1 96756->96806 96759 a813f1 22 API calls 96760 a813d0 96759->96760 96761 a8a961 22 API calls 96760->96761 96762 a813dc 96761->96762 96763 a86b57 22 API calls 96762->96763 96764 a81129 96763->96764 96765 a81bc3 6 API calls 96764->96765 96765->96723 96767 a8a961 22 API calls 96766->96767 96768 a8172c 96767->96768 96769 a8a961 22 API calls 96768->96769 96770 a81734 96769->96770 96771 a8a961 22 API calls 96770->96771 96772 a8174f 96771->96772 96773 a9fddb 22 API calls 96772->96773 96774 a8129c 96773->96774 96775 a81b4a 96774->96775 96776 a81b58 96775->96776 96777 a8a961 22 API calls 96776->96777 96778 a81b63 96777->96778 96779 a8a961 22 API calls 96778->96779 96780 a81b6e 96779->96780 96781 a8a961 22 API calls 96780->96781 96782 a81b79 96781->96782 96783 a8a961 22 API calls 
96782->96783 96784 a81b84 96783->96784 96785 a9fddb 22 API calls 96784->96785 96786 a81b96 RegisterWindowMessageW 96785->96786 96786->96737 96788 a91981 96787->96788 96790 a9195d 96787->96790 96813 aa0242 5 API calls __Init_thread_wait 96788->96813 96791 a9196e 96790->96791 96815 aa0242 5 API calls __Init_thread_wait 96790->96815 96791->96741 96792 a9198b 96792->96790 96814 aa01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96792->96814 96794 a98727 96794->96791 96816 aa01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96794->96816 96798 ac272d 96797->96798 96799 a81abb 96797->96799 96817 af3209 23 API calls 96798->96817 96800 a9fddb 22 API calls 96799->96800 96802 a81ac3 96800->96802 96802->96743 96803 ac2738 96804->96752 96805->96754 96818 af092a 28 API calls 96805->96818 96807 a8a961 22 API calls 96806->96807 96808 a813fc 96807->96808 96809 a8a961 22 API calls 96808->96809 96810 a81404 96809->96810 96811 a8a961 22 API calls 96810->96811 96812 a813c6 96811->96812 96812->96759 96813->96792 96814->96790 96815->96794 96816->96791 96817->96803 96819 ad2a00 96834 a8d7b0 messages 96819->96834 96820 a8db11 PeekMessageW 96820->96834 96821 a8d807 GetInputState 96821->96820 96821->96834 96822 ad1cbe TranslateAcceleratorW 96822->96834 96824 a8db8f PeekMessageW 96824->96834 96825 a8da04 timeGetTime 96825->96834 96826 a8db73 TranslateMessage DispatchMessageW 96826->96824 96827 a8dbaf Sleep 96845 a8dbc0 96827->96845 96828 ad2b74 Sleep 96828->96845 96829 a9e551 timeGetTime 96829->96845 96830 ad1dda timeGetTime 96970 a9e300 23 API calls 96830->96970 96833 ad2c0b GetExitCodeProcess 96838 ad2c37 CloseHandle 96833->96838 96839 ad2c21 WaitForSingleObject 96833->96839 96834->96820 96834->96821 96834->96822 96834->96824 96834->96825 96834->96826 96834->96827 96834->96828 96834->96830 96836 a8d9d5 96834->96836 96851 a8dd50 96834->96851 96858 a91310 96834->96858 96910 a8dfd0 185 API calls 3 library calls 96834->96910 96911 a8bf40 96834->96911 96969 
a9edf6 IsDialogMessageW GetClassLongW 96834->96969 96971 af3a2a 23 API calls 96834->96971 96972 a8ec40 96834->96972 96996 af359c 82 API calls __wsopen_s 96834->96996 96835 b129bf GetForegroundWindow 96835->96845 96838->96845 96839->96834 96839->96838 96840 ad2a31 96840->96836 96841 ad2ca9 Sleep 96841->96834 96845->96829 96845->96833 96845->96834 96845->96835 96845->96836 96845->96840 96845->96841 96997 b05658 23 API calls 96845->96997 96998 aee97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 96845->96998 96999 aed4dc CreateToolhelp32Snapshot Process32FirstW 96845->96999 96852 a8dd6f 96851->96852 96853 a8dd83 96851->96853 97009 a8d260 96852->97009 97042 af359c 82 API calls __wsopen_s 96853->97042 96855 a8dd7a 96855->96834 96857 ad2f75 96857->96857 96859 a917b0 96858->96859 96860 a91376 96858->96860 97064 aa0242 5 API calls __Init_thread_wait 96859->97064 96862 a91390 96860->96862 96863 ad6331 96860->96863 96867 a91940 9 API calls 96862->96867 96864 ad633d 96863->96864 97069 b0709c 185 API calls 96863->97069 96864->96834 96866 a917ba 96868 a917fb 96866->96868 96870 a89cb3 22 API calls 96866->96870 96869 a913a0 96867->96869 96873 ad6346 96868->96873 96875 a9182c 96868->96875 96871 a91940 9 API calls 96869->96871 96879 a917d4 96870->96879 96872 a913b6 96871->96872 96872->96868 96874 a913ec 96872->96874 97070 af359c 82 API calls __wsopen_s 96873->97070 96874->96873 96899 a91408 __fread_nolock 96874->96899 97066 a8aceb 23 API calls messages 96875->97066 96878 a91839 97067 a9d217 185 API calls 96878->97067 97065 aa01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96879->97065 96882 ad636e 97071 af359c 82 API calls __wsopen_s 96882->97071 96883 a9152f 96885 a9153c 96883->96885 96886 ad63d1 96883->96886 96888 a91940 9 API calls 96885->96888 97073 b05745 54 API calls _wcslen 96886->97073 96890 a91549 96888->96890 96889 a9fddb 22 API calls 96889->96899 96893 a91940 9 API calls 96890->96893 96905 a915c7 messages 
96890->96905 96891 a91872 97068 a9faeb 23 API calls 96891->97068 96892 a9fe0b 22 API calls 96892->96899 96900 a91563 96893->96900 96894 a9171d 96894->96834 96897 a8ec40 185 API calls 96897->96899 96898 a9167b messages 96898->96894 97063 a9ce17 22 API calls messages 96898->97063 96899->96878 96899->96882 96899->96883 96899->96889 96899->96892 96899->96897 96901 ad63b2 96899->96901 96899->96905 96900->96905 97074 a8a8c7 22 API calls __fread_nolock 96900->97074 97072 af359c 82 API calls __wsopen_s 96901->97072 96902 a91940 9 API calls 96902->96905 96905->96891 96905->96898 96905->96902 97050 b0ac5b 96905->97050 97053 b0a2ea 96905->97053 97058 af5c5a 96905->97058 97075 af359c 82 API calls __wsopen_s 96905->97075 96910->96834 97140 a8adf0 96911->97140 96913 a8bf9d 96914 a8bfa9 96913->96914 96915 ad04b6 96913->96915 96917 ad04c6 96914->96917 96918 a8c01e 96914->96918 97159 af359c 82 API calls __wsopen_s 96915->97159 97160 af359c 82 API calls __wsopen_s 96917->97160 97145 a8ac91 96918->97145 96921 ad04f5 96924 ad055a 96921->96924 97161 a9d217 185 API calls 96921->97161 96923 a8c7da 96927 a9fe0b 22 API calls 96923->96927 96954 a8c603 96924->96954 97162 af359c 82 API calls __wsopen_s 96924->97162 96932 a8c808 __fread_nolock 96927->96932 96931 a8af8a 22 API calls 96967 a8c039 __fread_nolock messages 96931->96967 96933 a9fe0b 22 API calls 96932->96933 96966 a8c350 __fread_nolock messages 96933->96966 96934 ae7120 22 API calls 96934->96967 96935 ad091a 97172 af3209 23 API calls 96935->97172 96938 a8ec40 185 API calls 96938->96967 96939 ad08a5 96940 a8ec40 185 API calls 96939->96940 96941 ad08cf 96940->96941 96941->96954 97170 a8a81b 41 API calls 96941->97170 96943 ad0591 97163 af359c 82 API calls __wsopen_s 96943->97163 96947 ad08f6 97171 af359c 82 API calls __wsopen_s 96947->97171 96950 a8c237 96951 a8c253 96950->96951 97173 a8a8c7 22 API calls __fread_nolock 96950->97173 96955 ad0976 96951->96955 96958 a8c297 messages 96951->96958 96952 a9fe0b 22 API calls 96952->96967 
96954->96834 97174 a8aceb 23 API calls messages 96955->97174 96961 ad09bf 96958->96961 97156 a8aceb 23 API calls messages 96958->97156 96959 a9fddb 22 API calls 96959->96967 96961->96954 97175 af359c 82 API calls __wsopen_s 96961->97175 96962 a8c335 96962->96961 96964 a8c342 96962->96964 96963 a8bbe0 40 API calls 96963->96967 97157 a8a704 22 API calls messages 96964->97157 96968 a8c3ac 96966->96968 97158 a9ce17 22 API calls messages 96966->97158 96967->96921 96967->96923 96967->96924 96967->96931 96967->96932 96967->96934 96967->96935 96967->96938 96967->96939 96967->96943 96967->96947 96967->96950 96967->96952 96967->96954 96967->96959 96967->96961 96967->96963 97149 a8ad81 96967->97149 97164 ae7099 22 API calls __fread_nolock 96967->97164 97165 b05745 54 API calls _wcslen 96967->97165 97166 a9aa42 22 API calls messages 96967->97166 97167 aef05c 40 API calls 96967->97167 97168 a8a993 41 API calls 96967->97168 97169 a8aceb 23 API calls messages 96967->97169 96968->96834 96969->96834 96970->96834 96971->96834 96975 a8ec76 messages 96972->96975 96973 aa0242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 96973->96975 96974 a9fddb 22 API calls 96974->96975 96975->96973 96975->96974 96976 a8fef7 96975->96976 96979 ad4600 96975->96979 96980 ad4b0b 96975->96980 96984 a8a8c7 22 API calls 96975->96984 96987 a8fbe3 96975->96987 96988 a8ed9d messages 96975->96988 96989 a8a961 22 API calls 96975->96989 96991 aa00a3 29 API calls pre_c_initialization 96975->96991 96993 ad4beb 96975->96993 96994 aa01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 96975->96994 96995 a8f3ae messages 96975->96995 97185 a901e0 185 API calls 2 library calls 96975->97185 97186 a906a0 41 API calls messages 96975->97186 96976->96988 97188 a8a8c7 22 API calls __fread_nolock 96976->97188 96979->96988 97187 a8a8c7 22 API calls __fread_nolock 96979->97187 97190 af359c 82 API calls __wsopen_s 96980->97190 
96984->96975 96987->96988 96990 ad4bdc 96987->96990 96987->96995 96988->96834 96989->96975 97191 af359c 82 API calls __wsopen_s 96990->97191 96991->96975 97192 af359c 82 API calls __wsopen_s 96993->97192 96994->96975 96995->96988 97189 af359c 82 API calls __wsopen_s 96995->97189 96996->96834 96997->96845 96998->96845 97193 aedef7 96999->97193 97001 aed5db FindCloseChangeNotification 97001->96845 97002 aed529 Process32NextW 97002->97001 97006 aed522 97002->97006 97003 a8a961 22 API calls 97003->97006 97004 a89cb3 22 API calls 97004->97006 97006->97001 97006->97002 97006->97003 97006->97004 97199 a8525f 22 API calls 97006->97199 97200 a86350 22 API calls 97006->97200 97201 a9ce60 41 API calls 97006->97201 97010 a8ec40 185 API calls 97009->97010 97029 a8d29d 97010->97029 97011 ad1bc4 97049 af359c 82 API calls __wsopen_s 97011->97049 97013 a8d30b messages 97013->96855 97014 a8d3c3 97016 a8d6d5 97014->97016 97017 a8d3ce 97014->97017 97015 a8d5ff 97019 ad1bb5 97015->97019 97020 a8d614 97015->97020 97016->97013 97025 a9fe0b 22 API calls 97016->97025 97018 a9fddb 22 API calls 97017->97018 97031 a8d3d5 __fread_nolock 97018->97031 97048 b05705 23 API calls 97019->97048 97024 a9fddb 22 API calls 97020->97024 97021 a8d4b8 97026 a9fe0b 22 API calls 97021->97026 97022 a8d429 __fread_nolock messages 97022->97015 97028 a8d61b 97022->97028 97034 ad1ba4 97022->97034 97035 a8d46a 97022->97035 97038 ad1b7f 97022->97038 97040 ad1b5d 97022->97040 97044 a81f6f 185 API calls 97022->97044 97024->97028 97025->97031 97026->97022 97027 a9fddb 22 API calls 97030 a8d3f6 97027->97030 97028->96855 97029->97011 97029->97013 97029->97014 97029->97016 97029->97021 97029->97022 97032 a9fddb 22 API calls 97029->97032 97030->97022 97043 a8bec0 185 API calls 97030->97043 97031->97027 97031->97030 97032->97029 97047 af359c 82 API calls __wsopen_s 97034->97047 97035->96855 97046 af359c 82 API calls __wsopen_s 97038->97046 97045 af359c 82 API calls __wsopen_s 97040->97045 97042->96857 97043->97022 
97044->97022 97045->97028 97046->97028 97047->97028 97048->97011 97049->97013 97076 b0ad64 97050->97076 97052 b0ac6f 97052->96905 97054 a87510 53 API calls 97053->97054 97055 b0a306 97054->97055 97056 aed4dc 47 API calls 97055->97056 97057 b0a315 97056->97057 97057->96905 97059 a87510 53 API calls 97058->97059 97060 af5c6d 97059->97060 97135 aedbbe lstrlenW 97060->97135 97062 af5c77 97062->96905 97063->96898 97064->96866 97065->96868 97066->96878 97067->96891 97068->96891 97069->96864 97070->96905 97071->96905 97072->96905 97073->96900 97074->96905 97075->96905 97077 a8a961 22 API calls 97076->97077 97078 b0ad77 ___scrt_fastfail 97077->97078 97079 a87510 53 API calls 97078->97079 97094 b0adce 97078->97094 97081 b0adab 97079->97081 97080 b0adee 97083 b0ae3a 97080->97083 97085 a87510 53 API calls 97080->97085 97087 a87510 53 API calls 97081->97087 97081->97094 97082 a87510 53 API calls 97084 b0ade4 97082->97084 97091 b0ae4d ___scrt_fastfail 97083->97091 97130 a8b567 39 API calls 97083->97130 97128 a87620 22 API calls _wcslen 97084->97128 97086 b0ae04 97085->97086 97086->97083 97096 a87510 53 API calls 97086->97096 97089 b0adc4 97087->97089 97127 a87620 22 API calls _wcslen 97089->97127 97104 a87510 97091->97104 97094->97080 97094->97082 97097 b0ae28 97096->97097 97097->97083 97129 a8a8c7 22 API calls __fread_nolock 97097->97129 97099 b0aec8 97099->97052 97100 b0aeb0 97100->97099 97101 b0af35 GetProcessId 97100->97101 97102 b0af48 97101->97102 97103 b0af58 CloseHandle 97102->97103 97103->97099 97105 a87525 97104->97105 97121 a87522 ShellExecuteExW 97104->97121 97106 a8755b 97105->97106 97107 a8752d 97105->97107 97109 a8756d 97106->97109 97116 ac50f6 97106->97116 97118 ac500f 97106->97118 97131 aa51c6 26 API calls 97107->97131 97132 a9fb21 51 API calls 97109->97132 97112 a8753d 97115 a9fddb 22 API calls 97112->97115 97113 ac510e 97113->97113 97117 a87547 97115->97117 97134 aa5183 26 API calls 97116->97134 97119 a89cb3 22 API calls 97117->97119 97120 a9fe0b 22 API calls 
97118->97120 97126 ac5088 97118->97126 97119->97121 97122 ac5058 97120->97122 97121->97100 97123 a9fddb 22 API calls 97122->97123 97124 ac507f 97123->97124 97125 a89cb3 22 API calls 97124->97125 97125->97126 97133 a9fb21 51 API calls 97126->97133 97127->97094 97128->97080 97129->97083 97130->97091 97131->97112 97132->97112 97133->97116 97134->97113 97136 aedbdc GetFileAttributesW 97135->97136 97137 aedc06 97135->97137 97136->97137 97138 aedbe8 FindFirstFileW 97136->97138 97137->97062 97138->97137 97139 aedbf9 FindClose 97138->97139 97139->97137 97141 a8ae01 97140->97141 97144 a8ae1c messages 97140->97144 97142 a8aec9 22 API calls 97141->97142 97143 a8ae09 CharUpperBuffW 97142->97143 97143->97144 97144->96913 97146 a8acae 97145->97146 97147 a8acd1 97146->97147 97176 af359c 82 API calls __wsopen_s 97146->97176 97147->96967 97150 acfadb 97149->97150 97151 a8ad92 97149->97151 97152 a9fddb 22 API calls 97151->97152 97153 a8ad99 97152->97153 97177 a8adcd 97153->97177 97156->96962 97157->96966 97158->96966 97159->96917 97160->96954 97161->96924 97162->96954 97163->96954 97164->96967 97165->96967 97166->96967 97167->96967 97168->96967 97169->96967 97170->96947 97171->96954 97172->96950 97173->96951 97174->96961 97175->96954 97176->97147 97180 a8addd 97177->97180 97178 a8adb6 97178->96967 97179 a9fddb 22 API calls 97179->97180 97180->97178 97180->97179 97181 a8a961 22 API calls 97180->97181 97183 a8adcd 22 API calls 97180->97183 97184 a8a8c7 22 API calls __fread_nolock 97180->97184 97181->97180 97183->97180 97184->97180 97185->96975 97186->96975 97187->96988 97188->96988 97189->96988 97190->96988 97191->96993 97192->96988 97194 aedf02 97193->97194 97195 aedf19 97194->97195 97198 aedf1f 97194->97198 97202 aa63b2 GetStringTypeW _strftime 97194->97202 97203 aa62fb 39 API calls _strftime 97195->97203 97198->97006 97199->97006 97200->97006 97201->97006 97202->97194 97203->97198 97204 ac2402 97207 a81410 97204->97207 97208 ac24b8 DestroyWindow 97207->97208 97209 a8144f 
mciSendStringW 97207->97209 97222 ac24c4 97208->97222 97210 a8146b 97209->97210 97211 a816c6 97209->97211 97212 a81479 97210->97212 97210->97222 97211->97210 97213 a816d5 UnregisterHotKey 97211->97213 97240 a8182e 97212->97240 97213->97211 97215 ac24d8 97215->97222 97246 a86246 CloseHandle 97215->97246 97216 ac24e2 FindClose 97216->97222 97218 ac2509 97221 ac251c FreeLibrary 97218->97221 97223 ac252d 97218->97223 97220 a8148e 97220->97223 97229 a8149c 97220->97229 97221->97218 97222->97215 97222->97216 97222->97218 97224 ac2541 VirtualFree 97223->97224 97231 a81509 97223->97231 97224->97223 97225 a814f8 OleUninitialize 97225->97231 97226 ac2589 97233 ac2598 messages 97226->97233 97247 af32eb 6 API calls messages 97226->97247 97227 a81514 97230 a81524 97227->97230 97229->97225 97244 a81944 VirtualFreeEx CloseHandle 97230->97244 97231->97226 97231->97227 97236 ac2627 97233->97236 97248 ae64d4 22 API calls messages 97233->97248 97235 a8153a 97235->97233 97237 a8161f 97235->97237 97236->97236 97237->97236 97245 a81876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject 97237->97245 97239 a816c1 97241 a8183b 97240->97241 97242 a81480 97241->97242 97249 ae702a 22 API calls 97241->97249 97242->97218 97242->97220 97244->97235 97245->97239 97246->97215 97247->97226 97248->97233 97249->97241 97250 a81098 97255 a842de 97250->97255 97254 a810a7 97256 a8a961 22 API calls 97255->97256 97257 a842f5 GetVersionExW 97256->97257 97258 a86b57 22 API calls 97257->97258 97259 a84342 97258->97259 97260 a893b2 22 API calls 97259->97260 97267 a84378 97259->97267 97261 a8436c 97260->97261 97262 a837a0 22 API calls 97261->97262 97262->97267 97263 a8441b GetCurrentProcess IsWow64Process 97264 a84437 97263->97264 97265 a8444f LoadLibraryA 97264->97265 97266 ac3824 GetSystemInfo 97264->97266 97268 a8449c GetSystemInfo 97265->97268 97269 a84460 GetProcAddress 97265->97269 97267->97263 97271 ac37df 97267->97271 97270 a84476 97268->97270 97269->97268 97272 a84470 
GetNativeSystemInfo 97269->97272 97273 a8447a FreeLibrary 97270->97273 97274 a8109d 97270->97274 97272->97270 97273->97274 97275 aa00a3 29 API calls __onexit 97274->97275 97275->97254 97276 aa03fb 97277 aa0407 ___BuildCatchObject 97276->97277 97305 a9feb1 97277->97305 97279 aa040e 97280 aa0561 97279->97280 97283 aa0438 97279->97283 97335 aa083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 97280->97335 97282 aa0568 97328 aa4e52 97282->97328 97292 aa0477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 97283->97292 97316 ab247d 97283->97316 97290 aa0457 97296 aa04d8 97292->97296 97331 aa4e1a 38 API calls 2 library calls 97292->97331 97294 aa04de 97297 aa04f3 97294->97297 97324 aa0959 97296->97324 97332 aa0992 GetModuleHandleW 97297->97332 97299 aa04fa 97299->97282 97300 aa04fe 97299->97300 97301 aa0507 97300->97301 97333 aa4df5 28 API calls _abort 97300->97333 97334 aa0040 13 API calls 2 library calls 97301->97334 97304 aa050f 97304->97290 97306 a9feba 97305->97306 97337 aa0698 IsProcessorFeaturePresent 97306->97337 97308 a9fec6 97338 aa2c94 10 API calls 3 library calls 97308->97338 97310 a9fecb 97311 a9fecf 97310->97311 97339 ab2317 97310->97339 97311->97279 97314 a9fee6 97314->97279 97317 ab2494 97316->97317 97318 aa0a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 97317->97318 97319 aa0451 97318->97319 97319->97290 97320 ab2421 97319->97320 97322 ab2450 97320->97322 97321 aa0a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 97323 ab2479 97321->97323 97322->97321 97323->97292 97390 aa2340 97324->97390 97327 aa097f 97327->97294 97392 aa4bcf 97328->97392 97331->97296 97332->97299 97333->97301 97334->97304 97335->97282 97337->97308 97338->97310 97343 abd1f6 97339->97343 97342 aa2cbd 8 API calls 3 library calls 
97342->97311 97346 abd213 97343->97346 97347 abd20f 97343->97347 97345 a9fed8 97345->97314 97345->97342 97346->97347 97349 ab4bfb 97346->97349 97361 aa0a8c 97347->97361 97350 ab4c07 ___BuildCatchObject 97349->97350 97368 ab2f5e EnterCriticalSection 97350->97368 97352 ab4c0e 97369 ab50af 97352->97369 97354 ab4c1d 97355 ab4c2c 97354->97355 97382 ab4a8f 29 API calls 97354->97382 97384 ab4c48 LeaveCriticalSection _abort 97355->97384 97358 ab4c27 97383 ab4b45 GetStdHandle GetFileType 97358->97383 97359 ab4c3d __wsopen_s 97359->97346 97362 aa0a97 IsProcessorFeaturePresent 97361->97362 97363 aa0a95 97361->97363 97365 aa0c5d 97362->97365 97363->97345 97389 aa0c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 97365->97389 97367 aa0d40 97367->97345 97368->97352 97370 ab50bb ___BuildCatchObject 97369->97370 97371 ab50c8 97370->97371 97372 ab50df 97370->97372 97386 aaf2d9 20 API calls _abort 97371->97386 97385 ab2f5e EnterCriticalSection 97372->97385 97375 ab50eb 97380 ab5000 __wsopen_s 21 API calls 97375->97380 97381 ab5117 97375->97381 97376 ab50cd 97387 ab27ec 26 API calls _abort 97376->97387 97379 ab50d7 __wsopen_s 97379->97354 97380->97375 97388 ab513e LeaveCriticalSection _abort 97381->97388 97382->97358 97383->97355 97384->97359 97385->97375 97386->97376 97387->97379 97388->97379 97389->97367 97391 aa096c GetStartupInfoW 97390->97391 97391->97327 97393 aa4bdb _abort 97392->97393 97394 aa4be2 97393->97394 97395 aa4bf4 97393->97395 97431 aa4d29 GetModuleHandleW 97394->97431 97416 ab2f5e EnterCriticalSection 97395->97416 97398 aa4be7 97398->97395 97432 aa4d6d GetModuleHandleExW 97398->97432 97399 aa4c99 97420 aa4cd9 97399->97420 97403 aa4c70 97407 aa4c88 97403->97407 97411 ab2421 _abort 5 API calls 97403->97411 97405 aa4ce2 97440 ac1d29 5 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 97405->97440 97406 aa4cb6 97423 aa4ce8 97406->97423 97412 ab2421 
_abort 5 API calls 97407->97412 97411->97407 97412->97399 97413 aa4bfb 97413->97399 97413->97403 97417 ab21a8 97413->97417 97416->97413 97441 ab1ee1 97417->97441 97460 ab2fa6 LeaveCriticalSection 97420->97460 97422 aa4cb2 97422->97405 97422->97406 97461 ab360c 97423->97461 97426 aa4d16 97429 aa4d6d _abort 8 API calls 97426->97429 97427 aa4cf6 GetPEB 97427->97426 97428 aa4d06 GetCurrentProcess TerminateProcess 97427->97428 97428->97426 97430 aa4d1e ExitProcess 97429->97430 97431->97398 97433 aa4dba 97432->97433 97434 aa4d97 GetProcAddress 97432->97434 97436 aa4dc9 97433->97436 97437 aa4dc0 FreeLibrary 97433->97437 97435 aa4dac 97434->97435 97435->97433 97438 aa0a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 97436->97438 97437->97436 97439 aa4bf3 97438->97439 97439->97395 97444 ab1e90 97441->97444 97443 ab1f05 97443->97403 97445 ab1e9c ___BuildCatchObject 97444->97445 97452 ab2f5e EnterCriticalSection 97445->97452 97447 ab1eaa 97453 ab1f31 97447->97453 97451 ab1ec8 __wsopen_s 97451->97443 97452->97447 97454 ab1f51 97453->97454 97457 ab1f59 97453->97457 97455 aa0a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 97454->97455 97456 ab1eb7 97455->97456 97459 ab1ed5 LeaveCriticalSection _abort 97456->97459 97457->97454 97458 ab29c8 _free 20 API calls 97457->97458 97458->97454 97459->97451 97460->97422 97462 ab3631 97461->97462 97463 ab3627 97461->97463 97468 ab2fd7 5 API calls 2 library calls 97462->97468 97465 aa0a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 97463->97465 97466 aa4cf2 97465->97466 97466->97426 97466->97427 97467 ab3648 97467->97463 97468->97467 97469 a8105b 97474 a8344d 97469->97474 97471 a8106a 97505 aa00a3 29 API calls __onexit 97471->97505 97473 a81074 97475 a8345d __wsopen_s 97474->97475 97476 a8a961 

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • GetVersionExW.KERNEL32(?), ref: 00A8430D
                                                                                      • Part of subcall function 00A86B57: _wcslen.LIBCMT ref: 00A86B6A
                                                                                    • GetCurrentProcess.KERNEL32(?,00B1CB64,00000000,?,?), ref: 00A84422
                                                                                    • IsWow64Process.KERNEL32(00000000,?,?), ref: 00A84429
                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00A84454
                                                                                    • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00A84466
                                                                                    • GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00A84474
                                                                                    • FreeLibrary.KERNEL32(00000000,?,?), ref: 00A8447B
                                                                                    • GetSystemInfo.KERNEL32(?,?,?), ref: 00A844A0
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                                    • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                                    • API String ID: 3290436268-3101561225
                                                                                    • Opcode ID: 2daba40f0f0c45baea59a0b80a4b7fa19e3ffb0d23ab8f6025bdc8844bd563d3
                                                                                    • Instruction ID: a12c3e87b76067585a16437cf56908e7bcbcdc7b61620875501a7d32c3e0d904
                                                                                    • Opcode Fuzzy Hash: 2daba40f0f0c45baea59a0b80a4b7fa19e3ffb0d23ab8f6025bdc8844bd563d3
                                                                                    • Instruction Fuzzy Hash: B1A1A17294A3C0FFDB11D76DBC657957FE46F3A346B088CEDD08197A22DA204908CB29

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00A850AA,?,?,00000000,00000000), ref: 00A842B2
                                                                                    • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00A850AA,?,?,00000000,00000000), ref: 00A842C9
                                                                                    • LoadResource.KERNEL32(?,00000000,?,?,00A850AA,?,?,00000000,00000000,?,?,?,?,?,?,00A84F20), ref: 00AC35BE
                                                                                    • SizeofResource.KERNEL32(?,00000000,?,?,00A850AA,?,?,00000000,00000000,?,?,?,?,?,?,00A84F20), ref: 00AC35D3
                                                                                    • LockResource.KERNEL32(00A850AA,?,?,00A850AA,?,?,00000000,00000000,?,?,?,?,?,?,00A84F20,?), ref: 00AC35E6
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                    • String ID: SCRIPT
                                                                                    • API String ID: 3051347437-3967369404
                                                                                    • Opcode ID: 85003a10613887bc30d01d000a1da82b790a424821b6cf3e3bfc74526d3fd07f
                                                                                    • Instruction ID: 0fcefbf236babf106bca2f7f340c77b995cc1ead9adf08d4614e01a0338017dd
                                                                                    • Opcode Fuzzy Hash: 85003a10613887bc30d01d000a1da82b790a424821b6cf3e3bfc74526d3fd07f
                                                                                    • Instruction Fuzzy Hash: 20117C75244705BFDB219B65DC48FA77FB9EBC9B55F208169B402D7260EB71D8008A60

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00A82B6B
                                                                                      • Part of subcall function 00A83A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00B51418,?,00A82E7F,?,?,?,00000000), ref: 00A83A78
                                                                                      • Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD
                                                                                    • GetForegroundWindow.USER32(runas,?,?,?,?,?,00B42224), ref: 00AC2C10
                                                                                    • ShellExecuteW.SHELL32(00000000,?,?,00B42224), ref: 00AC2C17
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                                    • String ID: runas
                                                                                    • API String ID: 448630720-4000483414
                                                                                    • Opcode ID: acde094dd9ac3a445ea1b35529ee2aca92c0824e3871f04c41441cde9796c78d
                                                                                    • Instruction ID: 77275fc940becdd42289214fbc3637cd40777a5e6ff395e1c817d7f5a335feca
                                                                                    • Opcode Fuzzy Hash: acde094dd9ac3a445ea1b35529ee2aca92c0824e3871f04c41441cde9796c78d
                                                                                    • Instruction Fuzzy Hash: 3A11E6322083016ACB15FF64DA56FBEBBE8EF91741F44186DF082571A3CF218A4AD712

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • CreateToolhelp32Snapshot.KERNEL32 ref: 00AED501
                                                                                    • Process32FirstW.KERNEL32(00000000,?), ref: 00AED50F
                                                                                    • Process32NextW.KERNEL32(00000000,?), ref: 00AED52F
                                                                                    • FindCloseChangeNotification.KERNEL32(00000000), ref: 00AED5DC
                                                                                    Similarity
                                                                                    • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
                                                                                    • String ID:
                                                                                    • API String ID: 3243318325-0
                                                                                    • Opcode ID: 04286c35aee12d17553033f64fb6c3feaae8c29f7aa72a631696002ca8d9d7bd
                                                                                    • Instruction ID: debf30f4b40d667d9fcafc999303fabec5d79a929a5b28caddced2258c6a4f65
                                                                                    • Opcode Fuzzy Hash: 04286c35aee12d17553033f64fb6c3feaae8c29f7aa72a631696002ca8d9d7bd
                                                                                    • Instruction Fuzzy Hash: E131AB71108340AFD300EF64C985ABFBBF8EF99354F54092DF585971A1EB719A48CBA2

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • lstrlenW.KERNEL32(?,00AC5222), ref: 00AEDBCE
                                                                                    • GetFileAttributesW.KERNEL32(?), ref: 00AEDBDD
                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 00AEDBEE
                                                                                    • FindClose.KERNEL32(00000000), ref: 00AEDBFA
                                                                                    Similarity
                                                                                    • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                    • String ID:
                                                                                    • API String ID: 2695905019-0
                                                                                    • Opcode ID: ebc583692d53de2828b80a8887c1e6cae4008d62c028d13602c76f362428763b
                                                                                    • Instruction ID: 9f457b526094b801aab967788bd205d82f2437ab4edaf51a0ff85d90e04e75c6
                                                                                    • Opcode Fuzzy Hash: ebc583692d53de2828b80a8887c1e6cae4008d62c028d13602c76f362428763b
                                                                                    • Instruction Fuzzy Hash: 4FF0E5308509106782206F7CAC0D8EA3B7C9E81374BA08702F836C30F0EFB05D64C6D6
                                                                                    APIs
                                                                                    • GetCurrentProcess.KERNEL32(00AB28E9,?,00AA4CBE,00AB28E9,00B488B8,0000000C,00AA4E15,00AB28E9,00000002,00000000,?,00AB28E9), ref: 00AA4D09
                                                                                    • TerminateProcess.KERNEL32(00000000,?,00AA4CBE,00AB28E9,00B488B8,0000000C,00AA4E15,00AB28E9,00000002,00000000,?,00AB28E9), ref: 00AA4D10
                                                                                    • ExitProcess.KERNEL32 ref: 00AA4D22
                                                                                    Similarity
                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                    • String ID:
                                                                                    • API String ID: 1703294689-0
                                                                                    • Opcode ID: 5bb1b2a17f3a737aeaf9709c3e781c15dbdb48926b48b5d6991c0faa4ee85e77
                                                                                    • Instruction ID: 9ea91281e2ee7e79e986bade2b91d73a2fe7e39e4072a9294b2e9e5b09409ae9
                                                                                    • Opcode Fuzzy Hash: 5bb1b2a17f3a737aeaf9709c3e781c15dbdb48926b48b5d6991c0faa4ee85e77
                                                                                    • Instruction Fuzzy Hash: A9E0B631040148AFCF11AF54EE09A997F69EB86785B508014FD159B162DB75DE52CA84
                                                                                    APIs
                                                                                    • GetInputState.USER32 ref: 00A8D807
                                                                                    • timeGetTime.WINMM ref: 00A8DA07
                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A8DB28
                                                                                    • TranslateMessage.USER32(?), ref: 00A8DB7B
                                                                                    • DispatchMessageW.USER32(?), ref: 00A8DB89
                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A8DB9F
                                                                                    • Sleep.KERNEL32(0000000A), ref: 00A8DBB1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                    • String ID:
                                                                                    • API String ID: 2189390790-0

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • GetSysColorBrush.USER32(0000000F), ref: 00A82D07
                                                                                    • RegisterClassExW.USER32(00000030), ref: 00A82D31
                                                                                    • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00A82D42
                                                                                    • InitCommonControlsEx.COMCTL32(?), ref: 00A82D5F
                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00A82D6F
                                                                                    • LoadIconW.USER32(000000A9), ref: 00A82D85
                                                                                    • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00A82D94
                                                                                    Similarity
                                                                                    • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                    • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                    • API String ID: 2914291525-1005189915

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                      • Part of subcall function 00AC039A: CreateFileW.KERNEL32(00000000,00000000,?,00AC0704,?,?,00000000,?,00AC0704,00000000,0000000C), ref: 00AC03B7
                                                                                    • GetLastError.KERNEL32 ref: 00AC076F
                                                                                    • __dosmaperr.LIBCMT ref: 00AC0776
                                                                                    • GetFileType.KERNEL32(00000000), ref: 00AC0782
                                                                                    • GetLastError.KERNEL32 ref: 00AC078C
                                                                                    • __dosmaperr.LIBCMT ref: 00AC0795
                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00AC07B5
                                                                                    • CloseHandle.KERNEL32(?), ref: 00AC08FF
                                                                                    • GetLastError.KERNEL32 ref: 00AC0931
                                                                                    • __dosmaperr.LIBCMT ref: 00AC0938
                                                                                    Similarity
                                                                                    • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                    • String ID: H
                                                                                    • API String ID: 4237864984-2852464175

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                      • Part of subcall function 00A83A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00B51418,?,00A82E7F,?,?,?,00000000), ref: 00A83A78
                                                                                      • Part of subcall function 00A83357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00A83379
                                                                                    • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00A8356A
                                                                                    • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00AC318D
                                                                                    • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00AC31CE
                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00AC3210
                                                                                    • _wcslen.LIBCMT ref: 00AC3277
                                                                                    • _wcslen.LIBCMT ref: 00AC3286
                                                                                    Similarity
                                                                                    • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                    • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                    • API String ID: 98802146-2727554177

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • GetSysColorBrush.USER32(0000000F), ref: 00A82B8E
                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 00A82B9D
                                                                                    • LoadIconW.USER32(00000063), ref: 00A82BB3
                                                                                    • LoadIconW.USER32(000000A4), ref: 00A82BC5
                                                                                    • LoadIconW.USER32(000000A2), ref: 00A82BD7
                                                                                    • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00A82BEF
                                                                                    • RegisterClassExW.USER32(?), ref: 00A82C40
                                                                                      • Part of subcall function 00A82CD4: GetSysColorBrush.USER32(0000000F), ref: 00A82D07
                                                                                      • Part of subcall function 00A82CD4: RegisterClassExW.USER32(00000030), ref: 00A82D31
                                                                                      • Part of subcall function 00A82CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00A82D42
                                                                                      • Part of subcall function 00A82CD4: InitCommonControlsEx.COMCTL32(?), ref: 00A82D5F
                                                                                      • Part of subcall function 00A82CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00A82D6F
                                                                                      • Part of subcall function 00A82CD4: LoadIconW.USER32(000000A9), ref: 00A82D85
                                                                                      • Part of subcall function 00A82CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00A82D94
                                                                                    Similarity
                                                                                    • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                    • String ID: #$0$AutoIt v3
                                                                                    • API String ID: 423443420-4155596026

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00A8316A,?,?), ref: 00A831D8
                                                                                    • KillTimer.USER32(?,00000001,?,?,?,?,?,00A8316A,?,?), ref: 00A83204
                                                                                    • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00A83227
                                                                                    • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00A8316A,?,?), ref: 00A83232
                                                                                    • CreatePopupMenu.USER32 ref: 00A83246
                                                                                    • PostQuitMessage.USER32(00000000), ref: 00A83267
                                                                                    Similarity
                                                                                    • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                    • String ID: TaskbarCreated
                                                                                    • API String ID: 129472671-2362178303

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00A81459
                                                                                    • OleUninitialize.OLE32(?,00000000), ref: 00A814F8
                                                                                    • UnregisterHotKey.USER32(?), ref: 00A816DD
                                                                                    • DestroyWindow.USER32(?), ref: 00AC24B9
                                                                                    • FreeLibrary.KERNEL32(?), ref: 00AC251E
                                                                                    • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00AC254B
                                                                                    Similarity
                                                                                    • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                    • String ID: close all
                                                                                    • API String ID: 469580280-3243417748
                                                                                    • Opcode ID: ef5fea4f37fa9f01768fc333b0ce155eb5869a2260ecad97bcd338e2d0479483
                                                                                    • Instruction ID: 42f2b75d863bb9aefb37cdfdd6617b3fd0d6a239fd7d1a5c799e6a494b5c37f7
                                                                                    • Opcode Fuzzy Hash: ef5fea4f37fa9f01768fc333b0ce155eb5869a2260ecad97bcd338e2d0479483
                                                                                    • Instruction Fuzzy Hash: 5AD147317012128FDB29EF15CA99F69F7A4BF05700F2542ADE44AAB261DB30AD13CF91

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 648 a82c63-a82cd3 CreateWindowExW * 2 ShowWindow * 2
                                                                                    APIs
                                                                                    • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00A82C91
                                                                                    • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00A82CB2
                                                                                    • ShowWindow.USER32(00000000,?,?,?,?,?,?,00A81CAD,?), ref: 00A82CC6
                                                                                    • ShowWindow.USER32(00000000,?,?,?,?,?,?,00A81CAD,?), ref: 00A82CCF
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: Window$CreateShow
                                                                                    • String ID: AutoIt v3$edit
                                                                                    • API String ID: 1584632944-3779509399
                                                                                    • Opcode ID: bf50a22d434c1d8f88b70657125570ebf30489f6c666d950fcd335ac5d8bb63f
                                                                                    • Instruction ID: 8528698cb382afb30aa0f3d6e6dbde41c8832322707d82442e96f1870251e032
                                                                                    • Opcode Fuzzy Hash: bf50a22d434c1d8f88b70657125570ebf30489f6c666d950fcd335ac5d8bb63f
                                                                                    • Instruction Fuzzy Hash: 68F03A755803907AEB310B1BAC18FB72EBDD7C6F61F01449AF900A31B0CA610840DAB8

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 763 b0ad64-b0ad9c call a8a961 call aa2340 768 b0add1-b0add5 763->768 769 b0ad9e-b0adb5 call a87510 763->769 771 b0adf1-b0adf5 768->771 772 b0add7-b0adee call a87510 call a87620 768->772 769->768 777 b0adb7-b0adce call a87510 call a87620 769->777 775 b0adf7-b0ae0e call a87510 771->775 776 b0ae3a 771->776 772->771 779 b0ae3c-b0ae40 775->779 786 b0ae10-b0ae21 call a89b47 775->786 776->779 777->768 784 b0ae42-b0ae50 call a8b567 779->784 785 b0ae53-b0aeae call aa2340 call a87510 ShellExecuteExW 779->785 784->785 800 b0aeb0-b0aeb6 call a9fe14 785->800 801 b0aeb7-b0aeb9 785->801 786->776 799 b0ae23-b0ae2e call a87510 786->799 799->776 808 b0ae30-b0ae35 call a8a8c7 799->808 800->801 805 b0aec2-b0aec6 801->805 806 b0aebb-b0aec1 call a9fe14 801->806 810 b0aec8-b0aed6 805->810 811 b0af0a-b0af0e 805->811 806->805 808->776 816 b0aed8 810->816 817 b0aedb-b0aeeb 810->817 812 b0af10-b0af19 811->812 813 b0af1b-b0af33 call a8cfa0 811->813 818 b0af6d-b0af7b call a8988f 812->818 813->818 826 b0af35-b0af46 GetProcessId 813->826 816->817 820 b0aef0-b0af08 call a8cfa0 817->820 821 b0aeed 817->821 820->818 821->820 828 b0af48 826->828 829 b0af4e-b0af67 call a8cfa0 CloseHandle 826->829 828->829 829->818
                                                                                    APIs
                                                                                    • ShellExecuteExW.SHELL32(0000003C), ref: 00B0AEA3
                                                                                      • Part of subcall function 00A87620: _wcslen.LIBCMT ref: 00A87625
                                                                                    • GetProcessId.KERNEL32(00000000), ref: 00B0AF38
                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00B0AF67
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                    • String ID: <$@
                                                                                    • API String ID: 146682121-1426351568
                                                                                    • Opcode ID: a4b03d7643ea9cecdde4c71118e44d698d493098a104a285a7e17e7875b84b2d
                                                                                    • Instruction ID: 56afc1410e5147de94487d5ee8ef4c2c17128ad85e3371ce3c7c858a4f086e82
                                                                                    • Opcode Fuzzy Hash: a4b03d7643ea9cecdde4c71118e44d698d493098a104a285a7e17e7875b84b2d
                                                                                    • Instruction Fuzzy Hash: EC715971A00615DFCB14EF54C584A9EBBF0FF08314F1488A9E856AB7A2CB74ED45CBA1

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 868 a83b1c-a83b27 869 a83b99-a83b9b 868->869 870 a83b29-a83b2e 868->870 871 a83b8c-a83b8f 869->871 870->869 872 a83b30-a83b48 RegOpenKeyExW 870->872 872->869 873 a83b4a-a83b69 RegQueryValueExW 872->873 874 a83b6b-a83b76 873->874 875 a83b80-a83b8b RegCloseKey 873->875 876 a83b78-a83b7a 874->876 877 a83b90-a83b97 874->877 875->871 878 a83b7e 876->878 877->878 878->875
                                                                                    APIs
                                                                                    • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00A83B0F,SwapMouseButtons,00000004,?), ref: 00A83B40
                                                                                    • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00A83B0F,SwapMouseButtons,00000004,?), ref: 00A83B61
                                                                                    • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00A83B0F,SwapMouseButtons,00000004,?), ref: 00A83B83
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: CloseOpenQueryValue
                                                                                    • String ID: Control Panel\Mouse
                                                                                    • API String ID: 3677997916-824357125
                                                                                    • Opcode ID: 148d19427e73264f1114dbdda428912a4c5d2e0bfb974549c12ca7f7d289ec99
                                                                                    • Instruction ID: 361b2ea40ddbd2c0bdd26b0bea4f9cfc8d8bbc5217ac4b3ea8ac4c131837ca48
                                                                                    • Opcode Fuzzy Hash: 148d19427e73264f1114dbdda428912a4c5d2e0bfb974549c12ca7f7d289ec99
                                                                                    • Instruction Fuzzy Hash: AE112AB6510208FFDF21DFA5DC48AEEBBB8EF04B84B108459A806D7110E6719F409760
                                                                                    APIs
                                                                                    • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00AC33A2
                                                                                      • Part of subcall function 00A86B57: _wcslen.LIBCMT ref: 00A86B6A
                                                                                    • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00A83A04
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: IconLoadNotifyShell_String_wcslen
                                                                                    • String ID: Line:
                                                                                    • API String ID: 2289894680-1585850449
                                                                                    • Opcode ID: d043f14bb0d7be4e81a1cebde926df53bce52c2d425dff2c99b1ecb1f06e92c7
                                                                                    • Instruction ID: 1d9184d3b820dbe5e820ba810f4b5c3302222c4d65204b057a2426f1375e4262
                                                                                    • Opcode Fuzzy Hash: d043f14bb0d7be4e81a1cebde926df53bce52c2d425dff2c99b1ecb1f06e92c7
                                                                                    • Instruction Fuzzy Hash: 5D31CF72408300AADB25FB24DC55BEBB7E8AB40B10F00496EF59A97191EF709A49C7C6
                                                                                    APIs
                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 00AA0668
                                                                                      • Part of subcall function 00AA32A4: RaiseException.KERNEL32(?,?,?,00AA068A,?,00B51444,?,?,?,?,?,?,00AA068A,00A81129,00B48738,00A81129), ref: 00AA3304
                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 00AA0685
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: Exception@8Throw$ExceptionRaise
                                                                                    • String ID: Unknown exception
                                                                                    • API String ID: 3476068407-410509341
                                                                                    • Opcode ID: 548fe742a9dbf0c7a0897a1bd2c3eebed39ad751fb1ad7e37c63cbf756e48b8b
                                                                                    • Instruction ID: 6c6003fee8d07ef2c1664903574ff9d568f2106e6c024a855b707f42aacf11cf
                                                                                    • Opcode Fuzzy Hash: 548fe742a9dbf0c7a0897a1bd2c3eebed39ad751fb1ad7e37c63cbf756e48b8b
                                                                                    • Instruction Fuzzy Hash: 56F0C234A0020D7B8F00B7A4D946DAE77AC5E42358B604171B814D75E1EFB1EB69C5C0
                                                                                    APIs
                                                                                      • Part of subcall function 00A81BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00A81BF4
                                                                                      • Part of subcall function 00A81BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00A81BFC
                                                                                      • Part of subcall function 00A81BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00A81C07
                                                                                      • Part of subcall function 00A81BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00A81C12
                                                                                      • Part of subcall function 00A81BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00A81C1A
                                                                                      • Part of subcall function 00A81BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00A81C22
                                                                                      • Part of subcall function 00A81B4A: RegisterWindowMessageW.USER32(00000004,?,00A812C4), ref: 00A81BA2
                                                                                    • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00A8136A
                                                                                    • OleInitialize.OLE32 ref: 00A81388
                                                                                    • CloseHandle.KERNEL32(00000000,00000000), ref: 00AC24AB
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                    • String ID:
                                                                                    • API String ID: 1986988660-0
                                                                                    • Opcode ID: a4137cd03fefac0c8f3cbd276562f7e815aa6cb6189caf7d701ebf479c50db77
                                                                                    • Instruction ID: 0c6c20a70c9c906960dedff233462016d040db3903a9d540716ea9b5d35e0570
                                                                                    • Opcode Fuzzy Hash: a4137cd03fefac0c8f3cbd276562f7e815aa6cb6189caf7d701ebf479c50db77
                                                                                    • Instruction Fuzzy Hash: 9C71B6B59023008ED785EF7DBA457A53AE4BBA83867548EEAD41AC7361FF304885CF50
                                                                                    APIs
                                                                                    • FindCloseChangeNotification.KERNEL32(00000000,00000000,?,?,00AB85CC,?,00B48CC8,0000000C), ref: 00AB8704
                                                                                    • GetLastError.KERNEL32(?,00AB85CC,?,00B48CC8,0000000C), ref: 00AB870E
                                                                                    • __dosmaperr.LIBCMT ref: 00AB8739
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                                                                    • String ID:
                                                                                    • API String ID: 490808831-0
                                                                                    • Opcode ID: 299b072e0650dbac25d41e5f2659b23fbe58cf6c4931d76a04147778d4b27163
                                                                                    • Instruction ID: b62a99bbf24d58527a8fe573d6f09779fcaad0f927a05f5d1d45a97ae0688036
                                                                                    • Opcode Fuzzy Hash: 299b072e0650dbac25d41e5f2659b23fbe58cf6c4931d76a04147778d4b27163
                                                                                    • Instruction Fuzzy Hash: 6A014E32A0572026D664733CA9557FE6B9D4B92778F390159F8148F1D3DEB8CC81D150
                                                                                    APIs
                                                                                    • __Init_thread_footer.LIBCMT ref: 00A917F6
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: Init_thread_footer
                                                                                    • String ID: CALL
                                                                                    • API String ID: 1385522511-4196123274
                                                                                    • Opcode ID: b648f922743b0e8f9cfddf4ea28252ae1926e6dac0f186eea8a5847a0731d9a4
                                                                                    • Instruction ID: 4debb884a98a4e51ae94e70994ae7b005391f74b850ff663eeddb282c6023a84
                                                                                    • Opcode Fuzzy Hash: b648f922743b0e8f9cfddf4ea28252ae1926e6dac0f186eea8a5847a0731d9a4
                                                                                    • Instruction Fuzzy Hash: 6C228BB46083029FCB14DF14C584B2ABBF1BF89314F29895DF5968B3A2D731E945CB92
                                                                                    APIs
                                                                                    • GetOpenFileNameW.COMDLG32(?), ref: 00AC2C8C
                                                                                      • Part of subcall function 00A83AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A83A97,?,?,00A82E7F,?,?,?,00000000), ref: 00A83AC2
                                                                                      • Part of subcall function 00A82DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00A82DC4
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: Name$Path$FileFullLongOpen
                                                                                    • String ID: X
                                                                                    • API String ID: 779396738-3081909835
                                                                                    • Opcode ID: 1fc35abb5930b04289a46070919c3417fec31fcc686c8c2664dceb735db7c33b
                                                                                    • Instruction ID: 58a730e53c2986fa6dacd10e5caa5d173b8820fdceba1fdf916e44cbb634ab3f
                                                                                    • Opcode Fuzzy Hash: 1fc35abb5930b04289a46070919c3417fec31fcc686c8c2664dceb735db7c33b
                                                                                    • Instruction Fuzzy Hash: F021B771A002589FDF01EF94C949BEE7BFCAF49715F008059E405B7241DBB45A898FA1
                                                                                    APIs
                                                                                    • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00A83908
                                                                                    Similarity
                                                                                    • API ID: IconNotifyShell_
                                                                                    • String ID:
                                                                                    • API String ID: 1144537725-0
                                                                                    • Opcode ID: 39cf3b75380d5677cd65c29ee5a7d13b0e3cbfd95704c282a5d84d5744c9ffa4
                                                                                    • Instruction ID: d3945723bd1b4a6c517635ae33e366bb7befa1b8834c6eb82645ef614a0ee4bb
                                                                                    • Opcode Fuzzy Hash: 39cf3b75380d5677cd65c29ee5a7d13b0e3cbfd95704c282a5d84d5744c9ffa4
                                                                                    • Instruction Fuzzy Hash: DE3193715043019FDB20EF24D894797BBE4FB49709F00096EF59987250EB71AA44CB52
                                                                                    APIs
                                                                                      • Part of subcall function 00A84E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A84EDD,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84E9C
                                                                                      • Part of subcall function 00A84E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00A84EAE
                                                                                      • Part of subcall function 00A84E90: FreeLibrary.KERNEL32(00000000,?,?,00A84EDD,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84EC0
                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84EFD
                                                                                      • Part of subcall function 00A84E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00AC3CDE,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84E62
                                                                                      • Part of subcall function 00A84E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00A84E74
                                                                                      • Part of subcall function 00A84E59: FreeLibrary.KERNEL32(00000000,?,?,00AC3CDE,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84E87
                                                                                    Similarity
                                                                                    • API ID: Library$Load$AddressFreeProc
                                                                                    • String ID:
                                                                                    • API String ID: 2632591731-0
                                                                                    • Opcode ID: f936b5ab68e8235e9745e8c89b56583751af2a5be0fcc924dc47e68579162d5c
                                                                                    • Instruction ID: 5a8df62306b267249aa0ab9d9c43d4dfddee8159d0fe6ccf55c420d43da0ca0c
                                                                                    • Opcode Fuzzy Hash: f936b5ab68e8235e9745e8c89b56583751af2a5be0fcc924dc47e68579162d5c
                                                                                    • Instruction Fuzzy Hash: 8B11E332600206AACF14FF70DE02FED77A5AF48B14F20842EF642A61D1EE709E459B90
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: __wsopen_s
                                                                                    • String ID:
                                                                                    • API String ID: 3347428461-0
                                                                                    • Opcode ID: cb9d16bfaefe56ca91b4ce430b0448bf34a4900a5faadc3b1034f3fe3c0e7357
                                                                                    • Instruction ID: 2c065155f934ae03b318901469a2de5f674d7456fcb1080a86ed429e3a6202e1
                                                                                    • Opcode Fuzzy Hash: cb9d16bfaefe56ca91b4ce430b0448bf34a4900a5faadc3b1034f3fe3c0e7357
                                                                                    • Instruction Fuzzy Hash: 9B11187590420AAFCF05DF58E941ADA7BF9EF48314F114199FC08AB312DA31DA11CBA5
                                                                                    APIs
                                                                                      • Part of subcall function 00AB4C7D: RtlAllocateHeap.NTDLL(00000008,00A81129,00000000,?,00AB2E29,00000001,00000364,?,?,?,00AAF2DE,00AB3863,00B51444,?,00A9FDF5,?), ref: 00AB4CBE
                                                                                    • _free.LIBCMT ref: 00AB506C
                                                                                    Similarity
                                                                                    • API ID: AllocateHeap_free
                                                                                    • String ID:
                                                                                    • API String ID: 614378929-0
                                                                                    • Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                                                    • Instruction ID: c8e7dcaf21eb0d827b6ea6d2929e0235ee3f89299a7351171537db92ebd8601e
                                                                                    • Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                                                    • Instruction Fuzzy Hash: 0A0149726047056FE3319F65D881ADAFBECFB89370F25052DE184832C2EA30A905C7B4
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                    • Instruction ID: 5c720be89bbabe7fa1cdbdf1bbe034fe030e169de2f175af08e4c741acb0de7d
                                                                                    • Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                    • Instruction Fuzzy Hash: 3DF0F432511A10AAD6317B698E05B9A739C9F53330F100F1AF425931D3DB74D80586A5
                                                                                    APIs
                                                                                    • RtlAllocateHeap.NTDLL(00000008,00A81129,00000000,?,00AB2E29,00000001,00000364,?,?,?,00AAF2DE,00AB3863,00B51444,?,00A9FDF5,?), ref: 00AB4CBE
                                                                                    Similarity
                                                                                    • API ID: AllocateHeap
                                                                                    • String ID:
                                                                                    • API String ID: 1279760036-0
                                                                                    • Opcode ID: b4027969909b799f02409888a5c1918f98d9eeb6e9087febe266085ba1a746f9
                                                                                    • Instruction ID: 2a13cc43aff9c2ed5cad346139aef5b3bc9f3a5b41f95fa960d41f7c8411e908
                                                                                    • Opcode Fuzzy Hash: b4027969909b799f02409888a5c1918f98d9eeb6e9087febe266085ba1a746f9
                                                                                    • Instruction Fuzzy Hash: 10F0B43164632466DB215F669D05BDA3F9CAF8BFA1B144121F919A71C3CB71DC1046E0
                                                                                    APIs
                                                                                    • RtlAllocateHeap.NTDLL(00000000,?,00B51444,?,00A9FDF5,?,?,00A8A976,00000010,00B51440,00A813FC,?,00A813C6,?,00A81129), ref: 00AB3852
                                                                                    Similarity
                                                                                    • API ID: AllocateHeap
                                                                                    • String ID:
                                                                                    • API String ID: 1279760036-0
                                                                                    • Opcode ID: 0aec889a6b9f3c72acd47269aaa1ab68b9e5b3ae521b2c47b0c8e5569108ff6c
                                                                                    • Instruction ID: 3fce964ddd8493587830abb293876afe77533f575295570838016d861941c32e
                                                                                    • Opcode Fuzzy Hash: 0aec889a6b9f3c72acd47269aaa1ab68b9e5b3ae521b2c47b0c8e5569108ff6c
                                                                                    • Instruction Fuzzy Hash: AEE0A0331423246ADE212BFA9D00BDA365CAB827B0F160021BC04934D2DB509D0181E2
                                                                                    APIs
                                                                                    • FreeLibrary.KERNEL32(?,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84F6D
                                                                                    Similarity
                                                                                    • API ID: FreeLibrary
                                                                                    • String ID:
                                                                                    • API String ID: 3664257935-0
                                                                                    • Opcode ID: 9c96fc223ef94cc3b11c5fb8a728f0f37be2fc7ae0e447c01174fcda7ceb6ea0
                                                                                    • Instruction ID: 0ca0cee64526943acd640547917ef84d0493d2687fead791ffe23d9f852ed2fa
                                                                                    • Opcode Fuzzy Hash: 9c96fc223ef94cc3b11c5fb8a728f0f37be2fc7ae0e447c01174fcda7ceb6ea0
                                                                                    • Instruction Fuzzy Hash: 58F03971105752CFDB34AF64D590822BBF4BF187293258A7EE2EA83621CB319C44DF10
                                                                                    APIs
                                                                                    • Shell_NotifyIconW.SHELL32(00000002,?), ref: 00A8314E
                                                                                    Similarity
                                                                                    • API ID: IconNotifyShell_
                                                                                    • String ID:
                                                                                    • API String ID: 1144537725-0
                                                                                    • Opcode ID: 3a8c518591d812c2fe3cfb3f74b9f7a48e7d5087baba076fa8f6f3e5d41240d3
                                                                                    • Instruction ID: fc0d8fa4b39032ca15a5b506a5978329eea1e987c8e48436dda56af65649558c
                                                                                    • Opcode Fuzzy Hash: 3a8c518591d812c2fe3cfb3f74b9f7a48e7d5087baba076fa8f6f3e5d41240d3
                                                                                    • Instruction Fuzzy Hash: D5F03070914318AFEB529B28DC4A7DA7BBCAB01708F0005E9A68897292DB745B89CF55
                                                                                    APIs
                                                                                    • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00A82DC4
                                                                                      • Part of subcall function 00A86B57: _wcslen.LIBCMT ref: 00A86B6A
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: LongNamePath_wcslen
                                                                                    • String ID:
                                                                                    • API String ID: 541455249-0
                                                                                    APIs
                                                                                      • Part of subcall function 00A83837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00A83908
                                                                                      • Part of subcall function 00A8D730: GetInputState.USER32 ref: 00A8D807
                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00A82B6B
                                                                                      • Part of subcall function 00A830F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00A8314E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                                    • String ID:
                                                                                    • API String ID: 3667716007-0
                                                                                    APIs
                                                                                    • CreateFileW.KERNEL32(00000000,00000000,?,00AC0704,?,?,00000000,?,00AC0704,00000000,0000000C), ref: 00AC03B7
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: CreateFile
                                                                                    • String ID:
                                                                                    • API String ID: 823142352-0
                                                                                    APIs
                                                                                    • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00A81CBC
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InfoParametersSystem
                                                                                    • String ID:
                                                                                    • API String ID: 3098949447-0
                                                                                    APIs
                                                                                      • Part of subcall function 00A99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A99BB2
                                                                                    • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00B1961A
                                                                                    • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00B1965B
                                                                                    • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00B1969F
                                                                                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00B196C9
                                                                                    • SendMessageW.USER32 ref: 00B196F2
                                                                                    • GetKeyState.USER32(00000011), ref: 00B1978B
                                                                                    • GetKeyState.USER32(00000009), ref: 00B19798
                                                                                    • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00B197AE
                                                                                    • GetKeyState.USER32(00000010), ref: 00B197B8
                                                                                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00B197E9
                                                                                    • SendMessageW.USER32 ref: 00B19810
                                                                                    • SendMessageW.USER32(?,00001030,?,00B17E95), ref: 00B19918
                                                                                    • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00B1992E
                                                                                    • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00B19941
                                                                                    • SetCapture.USER32(?), ref: 00B1994A
                                                                                    • ClientToScreen.USER32(?,?), ref: 00B199AF
                                                                                    • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00B199BC
                                                                                    • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00B199D6
                                                                                    • ReleaseCapture.USER32 ref: 00B199E1
                                                                                    • GetCursorPos.USER32(?), ref: 00B19A19
                                                                                    • ScreenToClient.USER32(?,?), ref: 00B19A26
                                                                                    • SendMessageW.USER32(?,00001012,00000000,?), ref: 00B19A80
                                                                                    • SendMessageW.USER32 ref: 00B19AAE
                                                                                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 00B19AEB
                                                                                    • SendMessageW.USER32 ref: 00B19B1A
                                                                                    • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00B19B3B
                                                                                    • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00B19B4A
                                                                                    • GetCursorPos.USER32(?), ref: 00B19B68
                                                                                    • ScreenToClient.USER32(?,?), ref: 00B19B75
                                                                                    • GetParent.USER32(?), ref: 00B19B93
                                                                                    • SendMessageW.USER32(?,00001012,00000000,?), ref: 00B19BFA
                                                                                    • SendMessageW.USER32 ref: 00B19C2B
                                                                                    • ClientToScreen.USER32(?,?), ref: 00B19C84
                                                                                    • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00B19CB4
                                                                                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 00B19CDE
                                                                                    • SendMessageW.USER32 ref: 00B19D01
                                                                                    • ClientToScreen.USER32(?,?), ref: 00B19D4E
                                                                                    • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00B19D82
                                                                                      • Part of subcall function 00A99944: GetWindowLongW.USER32(?,000000EB), ref: 00A99952
                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00B19E05
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                    • String ID: @GUI_DRAGID$F
                                                                                    • API String ID: 3429851547-4164748364
                                                                                    APIs
                                                                                    • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00B148F3
                                                                                    • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00B14908
                                                                                    • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00B14927
                                                                                    • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 00B1494B
                                                                                    • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 00B1495C
                                                                                    • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 00B1497B
                                                                                    • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 00B149AE
                                                                                    • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 00B149D4
                                                                                    • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00B14A0F
                                                                                    • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00B14A56
                                                                                    • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00B14A7E
                                                                                    • IsMenu.USER32(?), ref: 00B14A97
                                                                                    • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00B14AF2
                                                                                    • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00B14B20
                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00B14B94
                                                                                    • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00B14BE3
                                                                                    • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00B14C82
                                                                                    • wsprintfW.USER32 ref: 00B14CAE
                                                                                    • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00B14CC9
                                                                                    • GetWindowTextW.USER32(?,00000000,00000001), ref: 00B14CF1
                                                                                    • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00B14D13
                                                                                    • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00B14D33
                                                                                    • GetWindowTextW.USER32(?,00000000,00000001), ref: 00B14D5A
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                                    • String ID: %d/%02d/%02d
                                                                                    • API String ID: 4054740463-328681919
                                                                                    APIs
                                                                                    • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00A9F998
                                                                                    • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00ADF474
                                                                                    • IsIconic.USER32(00000000), ref: 00ADF47D
                                                                                    • ShowWindow.USER32(00000000,00000009), ref: 00ADF48A
                                                                                    • SetForegroundWindow.USER32(00000000), ref: 00ADF494
                                                                                    • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00ADF4AA
                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00ADF4B1
                                                                                    • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00ADF4BD
                                                                                    • AttachThreadInput.USER32(?,00000000,00000001), ref: 00ADF4CE
                                                                                    • AttachThreadInput.USER32(?,00000000,00000001), ref: 00ADF4D6
                                                                                    • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00ADF4DE
                                                                                    • SetForegroundWindow.USER32(00000000), ref: 00ADF4E1
                                                                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 00ADF4F6
                                                                                    • keybd_event.USER32(00000012,00000000), ref: 00ADF501
                                                                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 00ADF50B
                                                                                    • keybd_event.USER32(00000012,00000000), ref: 00ADF510
                                                                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 00ADF519
                                                                                    • keybd_event.USER32(00000012,00000000), ref: 00ADF51E
                                                                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 00ADF528
                                                                                    • keybd_event.USER32(00000012,00000000), ref: 00ADF52D
                                                                                    • SetForegroundWindow.USER32(00000000), ref: 00ADF530
                                                                                    • AttachThreadInput.USER32(?,000000FF,00000000), ref: 00ADF557
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                    • String ID: Shell_TrayWnd
                                                                                    • API String ID: 4125248594-2988720461
                                                                                    • Opcode ID: cdf5eeaa24ae4d422551c607b9086bc818a39103724c9c4e71df259906ca73b2
                                                                                    • Instruction ID: c99001258ad5bb2b62d7ed78150cad3b029e570d632f910afa8f94cfde8ed0a4
                                                                                    • Opcode Fuzzy Hash: cdf5eeaa24ae4d422551c607b9086bc818a39103724c9c4e71df259906ca73b2
                                                                                    • Instruction Fuzzy Hash: D2314371A80318BFEB216BB55C4AFBF7E6DEB44B50F504066FA02E71D1CBB15D00AA60
                                                                                    APIs
                                                                                      • Part of subcall function 00AE16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00AE170D
                                                                                      • Part of subcall function 00AE16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00AE173A
                                                                                      • Part of subcall function 00AE16C3: GetLastError.KERNEL32 ref: 00AE174A
                                                                                    • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00AE1286
                                                                                    • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00AE12A8
                                                                                    • CloseHandle.KERNEL32(?), ref: 00AE12B9
                                                                                    • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00AE12D1
                                                                                    • GetProcessWindowStation.USER32 ref: 00AE12EA
                                                                                    • SetProcessWindowStation.USER32(00000000), ref: 00AE12F4
                                                                                    • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00AE1310
                                                                                      • Part of subcall function 00AE10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00AE11FC), ref: 00AE10D4
                                                                                      • Part of subcall function 00AE10BF: CloseHandle.KERNEL32(?,?,00AE11FC), ref: 00AE10E9
                                                                                    Similarity
                                                                                    • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                    • String ID: $default$winsta0
                                                                                    • API String ID: 22674027-1027155976
                                                                                    • Opcode ID: c7fc95f206910d09d121dba2afe3214a2cac5b4a38f2b4e89a6daad6dee4b172
                                                                                    • Instruction ID: 5d4cbb71dcbaec49513a16278a315e0ddb304006866b55c26275bbea0534c9c8
                                                                                    • Opcode Fuzzy Hash: c7fc95f206910d09d121dba2afe3214a2cac5b4a38f2b4e89a6daad6dee4b172
                                                                                    • Instruction Fuzzy Hash: 0581A0B1A40299AFDF219FA5DD49FEE7FB9EF04704F148129F911A72A0DB708954CB20
                                                                                    APIs
                                                                                      • Part of subcall function 00AE10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00AE1114
                                                                                      • Part of subcall function 00AE10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00AE0B9B,?,?,?), ref: 00AE1120
                                                                                      • Part of subcall function 00AE10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00AE0B9B,?,?,?), ref: 00AE112F
                                                                                      • Part of subcall function 00AE10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00AE0B9B,?,?,?), ref: 00AE1136
                                                                                      • Part of subcall function 00AE10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00AE114D
                                                                                    • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00AE0BCC
                                                                                    • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00AE0C00
                                                                                    • GetLengthSid.ADVAPI32(?), ref: 00AE0C17
                                                                                    • GetAce.ADVAPI32(?,00000000,?), ref: 00AE0C51
                                                                                    • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00AE0C6D
                                                                                    • GetLengthSid.ADVAPI32(?), ref: 00AE0C84
                                                                                    • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00AE0C8C
                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 00AE0C93
                                                                                    • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00AE0CB4
                                                                                    • CopySid.ADVAPI32(00000000), ref: 00AE0CBB
                                                                                    • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00AE0CEA
                                                                                    • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00AE0D0C
                                                                                    • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00AE0D1E
                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00AE0D45
                                                                                    • HeapFree.KERNEL32(00000000), ref: 00AE0D4C
                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00AE0D55
                                                                                    • HeapFree.KERNEL32(00000000), ref: 00AE0D5C
                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00AE0D65
                                                                                    • HeapFree.KERNEL32(00000000), ref: 00AE0D6C
                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 00AE0D78
                                                                                    • HeapFree.KERNEL32(00000000), ref: 00AE0D7F
                                                                                      • Part of subcall function 00AE1193: GetProcessHeap.KERNEL32(00000008,00AE0BB1,?,00000000,?,00AE0BB1,?), ref: 00AE11A1
                                                                                      • Part of subcall function 00AE1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00AE0BB1,?), ref: 00AE11A8
                                                                                      • Part of subcall function 00AE1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00AE0BB1,?), ref: 00AE11B7
                                                                                    Similarity
                                                                                    • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                    • String ID:
                                                                                    • API String ID: 4175595110-0
                                                                                    • Opcode ID: 0a6519f26cdedf87c125d92ea647da77c897df16680e61e79d0fc460b81d1c97
                                                                                    • Instruction ID: c29a2b3d2f78f0dda76b0ccf5bd91b40ceb7d7517ae2e483afc2710b6248f80c
                                                                                    • Opcode Fuzzy Hash: 0a6519f26cdedf87c125d92ea647da77c897df16680e61e79d0fc460b81d1c97
                                                                                    • Instruction Fuzzy Hash: 23715C7294024AEBDF10DFA5DC88FEEBBB8FF08300F148515E915A7191DBB5AA45CB60
                                                                                    APIs
                                                                                    • OpenClipboard.USER32(00B1CC08), ref: 00AFEB29
                                                                                    • IsClipboardFormatAvailable.USER32(0000000D), ref: 00AFEB37
                                                                                    • GetClipboardData.USER32(0000000D), ref: 00AFEB43
                                                                                    • CloseClipboard.USER32 ref: 00AFEB4F
                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00AFEB87
                                                                                    • CloseClipboard.USER32 ref: 00AFEB91
                                                                                    • GlobalUnlock.KERNEL32(00000000,00000000), ref: 00AFEBBC
                                                                                    • IsClipboardFormatAvailable.USER32(00000001), ref: 00AFEBC9
                                                                                    • GetClipboardData.USER32(00000001), ref: 00AFEBD1
                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00AFEBE2
                                                                                    • GlobalUnlock.KERNEL32(00000000,?), ref: 00AFEC22
                                                                                    • IsClipboardFormatAvailable.USER32(0000000F), ref: 00AFEC38
                                                                                    • GetClipboardData.USER32(0000000F), ref: 00AFEC44
                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00AFEC55
                                                                                    • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00AFEC77
                                                                                    • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00AFEC94
                                                                                    • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00AFECD2
                                                                                    • GlobalUnlock.KERNEL32(00000000,?,?), ref: 00AFECF3
                                                                                    • CountClipboardFormats.USER32 ref: 00AFED14
                                                                                    • CloseClipboard.USER32 ref: 00AFED59
                                                                                    Similarity
                                                                                    • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                    • String ID:
                                                                                    • API String ID: 420908878-0
                                                                                    • Opcode ID: 61213cf9bfa17d5f22bba42af2de622772183f134fc391e5bcf9384712aac4a9
                                                                                    • Instruction ID: 65eca84ac2b1f306c65b8878b438251491c362fc5de42e0834144c4ea3ce4857
                                                                                    • Opcode Fuzzy Hash: 61213cf9bfa17d5f22bba42af2de622772183f134fc391e5bcf9384712aac4a9
                                                                                    • Instruction Fuzzy Hash: 8761BC34244205AFD310EFA4C888FBA7BA4AF84704F488559F596972A2DF31DD06CBA2
                                                                                    APIs
                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 00AF69BE
                                                                                    • FindClose.KERNEL32(00000000), ref: 00AF6A12
                                                                                    • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00AF6A4E
                                                                                    • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00AF6A75
                                                                                      • Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD
                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 00AF6AB2
                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 00AF6ADF
                                                                                    Similarity
                                                                                    • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                    • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                    • API String ID: 3830820486-3289030164
                                                                                    • Opcode ID: 03bce68515b9d767fb44ef4151beda1e36e693f5189286deaa4d904197ef0f93
                                                                                    • Instruction ID: 0093f9f673340a60752115da354e22f2e5807072404a167676b0d3663c19d43a
                                                                                    • Opcode Fuzzy Hash: 03bce68515b9d767fb44ef4151beda1e36e693f5189286deaa4d904197ef0f93
                                                                                    • Instruction Fuzzy Hash: DAD13DB2508304AFC714EBA4C982EBBB7ECAF98704F44491DF685D7191EB74DA44CB62
                                                                                    APIs
                                                                                    • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00AF9663
                                                                                    • GetFileAttributesW.KERNEL32(?), ref: 00AF96A1
                                                                                    • SetFileAttributesW.KERNEL32(?,?), ref: 00AF96BB
                                                                                    • FindNextFileW.KERNEL32(00000000,?), ref: 00AF96D3
                                                                                    • FindClose.KERNEL32(00000000), ref: 00AF96DE
                                                                                    • FindFirstFileW.KERNEL32(*.*,?), ref: 00AF96FA
                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00AF974A
                                                                                    • SetCurrentDirectoryW.KERNEL32(00B46B7C), ref: 00AF9768
                                                                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 00AF9772
                                                                                    • FindClose.KERNEL32(00000000), ref: 00AF977F
                                                                                    • FindClose.KERNEL32(00000000), ref: 00AF978F
                                                                                    Similarity
                                                                                    • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                    • String ID: *.*
                                                                                    • API String ID: 1409584000-438819550
                                                                                    • Opcode ID: a9cfb5805ae896988455e6bd8094d7331c686cd179c2810adc18969c4a9f8894
                                                                                    • Instruction ID: 11d4a5826fd1e9724d2e095fe0442cc07d55f1f7bea7e66dc8dc90fcf03e5d77
                                                                                    • Opcode Fuzzy Hash: a9cfb5805ae896988455e6bd8094d7331c686cd179c2810adc18969c4a9f8894
                                                                                    • Instruction Fuzzy Hash: AB31A23254021D6BDB14AFF4EC49BEF7BAC9F09321F508195FA15E30A0DB74DE448A54
                                                                                    APIs
                                                                                    • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00AF97BE
                                                                                    • FindNextFileW.KERNEL32(00000000,?), ref: 00AF9819
                                                                                    • FindClose.KERNEL32(00000000), ref: 00AF9824
                                                                                    • FindFirstFileW.KERNEL32(*.*,?), ref: 00AF9840
                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00AF9890
                                                                                    • SetCurrentDirectoryW.KERNEL32(00B46B7C), ref: 00AF98AE
                                                                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 00AF98B8
                                                                                    • FindClose.KERNEL32(00000000), ref: 00AF98C5
                                                                                    • FindClose.KERNEL32(00000000), ref: 00AF98D5
                                                                                      • Part of subcall function 00AEDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00AEDB00
                                                                                    Similarity
                                                                                    • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                    • String ID: *.*
                                                                                    • API String ID: 2640511053-438819550
                                                                                    • Opcode ID: 09ce8a1625d62c58f1ac1851d5b743f652b012de5517657bd785fa251ab5e530
                                                                                    • Instruction ID: 36ca15ffe86da62074de78293d6bbdf106d1f098afa0aef23a14294c0f6bc2d4
                                                                                    • Opcode Fuzzy Hash: 09ce8a1625d62c58f1ac1851d5b743f652b012de5517657bd785fa251ab5e530
                                                                                    • Instruction Fuzzy Hash: D831C33254021D6ADB14AFF4EC49BEF7BACDF06360F108195F954A31E0DB70DE848AA4
                                                                                    APIs
                                                                                      • Part of subcall function 00B0C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B0B6AE,?,?), ref: 00B0C9B5
                                                                                      • Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0C9F1
                                                                                      • Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0CA68
                                                                                      • Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0CA9E
                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B0BF3E
                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00B0BFA9
                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00B0BFCD
                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00B0C02C
                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00B0C0E7
                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00B0C154
                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00B0C1E9
                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00B0C23A
                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00B0C2E3
                                                                                    • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00B0C382
                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00B0C38F
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                                    • String ID:
                                                                                    • API String ID: 3102970594-0
                                                                                    • Opcode ID: 7d2bf3c3589a921b61e496540f228b293bed22ed448fcf88501efe2e58b21212
                                                                                    • Instruction ID: ad52027597cc51c446224256ad45da65a8f745b7090da2df40bf37fe4fabfe1b
                                                                                    • Opcode Fuzzy Hash: 7d2bf3c3589a921b61e496540f228b293bed22ed448fcf88501efe2e58b21212
                                                                                    • Instruction Fuzzy Hash: 9B025D716042009FD714DF28C995E2ABBE5EF89318F18C59DF84ADB2A2DB31EC45CB52
                                                                                    APIs
                                                                                    • GetLocalTime.KERNEL32(?), ref: 00AF8257
                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 00AF8267
                                                                                    • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00AF8273
                                                                                    • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00AF8310
                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00AF8324
                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00AF8356
                                                                                    • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00AF838C
                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00AF8395
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: CurrentDirectoryTime$File$Local$System
                                                                                    • String ID: *.*
                                                                                    • API String ID: 1464919966-438819550
                                                                                    • Opcode ID: 6bcbbe268e0b1ce39d3d4e4b2a5395bfd85a6e0149ce47cab6c67746e537fb95
                                                                                    • Instruction ID: 32051b9cfd1a9c4e8bd9f59beef77782e6ad2a027ac8bacbc800ef5eb93e65ce
                                                                                    • Opcode Fuzzy Hash: 6bcbbe268e0b1ce39d3d4e4b2a5395bfd85a6e0149ce47cab6c67746e537fb95
                                                                                    • Instruction Fuzzy Hash: 57618BB25043099FCB10EF60C9409AFB7E8FF89714F04891EFA9987251DB35E945CB92
                                                                                    APIs
                                                                                      • Part of subcall function 00A83AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A83A97,?,?,00A82E7F,?,?,?,00000000), ref: 00A83AC2
                                                                                      • Part of subcall function 00AEE199: GetFileAttributesW.KERNEL32(?,00AECF95), ref: 00AEE19A
                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 00AED122
                                                                                    • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00AED1DD
                                                                                    • MoveFileW.KERNEL32(?,?), ref: 00AED1F0
                                                                                    • DeleteFileW.KERNEL32(?,?,?,?), ref: 00AED20D
                                                                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 00AED237
                                                                                      • Part of subcall function 00AED29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00AED21C,?,?), ref: 00AED2B2
                                                                                    • FindClose.KERNEL32(00000000,?,?,?), ref: 00AED253
                                                                                    • FindClose.KERNEL32(00000000), ref: 00AED264
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                    • String ID: \*.*
                                                                                    • API String ID: 1946585618-1173974218
                                                                                    • Opcode ID: 19a1fbfb2723afd52e01d474c34abc81014f0d70c3c0f3f8052e5a1eaa492cb6
                                                                                    • Instruction ID: 773eb41713eccbf4402595b0baabc6cd8e261d1d8bdf2197a5bd629b8caa02ae
                                                                                    • Opcode Fuzzy Hash: 19a1fbfb2723afd52e01d474c34abc81014f0d70c3c0f3f8052e5a1eaa492cb6
                                                                                    • Instruction Fuzzy Hash: 0B615B3180514DABCF05FBE1CA929FEBBB5AF25300F648169E40277191EB31AF09DB61
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                    • String ID:
                                                                                    • API String ID: 1737998785-0
                                                                                    • Opcode ID: af9a3ef8ef8e53c79e328b08e274697bdcd5115abc236c349af198df0037c115
                                                                                    • Instruction ID: 79a95a6904572e620bdd06bbf713174e58427e41e2642bfe31d36e9f6eebb1a1
                                                                                    • Opcode Fuzzy Hash: af9a3ef8ef8e53c79e328b08e274697bdcd5115abc236c349af198df0037c115
                                                                                    • Instruction Fuzzy Hash: 4441BE35204611AFE320DF55E888B69BBE5FF44328F54C4A9F5558BA72CB35EC41CB90
                                                                                    APIs
                                                                                      • Part of subcall function 00AE16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00AE170D
                                                                                      • Part of subcall function 00AE16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00AE173A
                                                                                      • Part of subcall function 00AE16C3: GetLastError.KERNEL32 ref: 00AE174A
                                                                                    • ExitWindowsEx.USER32(?,00000000), ref: 00AEE932
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                    • String ID: $ $@$SeShutdownPrivilege
                                                                                    • API String ID: 2234035333-3163812486
                                                                                    • Opcode ID: 51cbaaf0018f5be85d6040b6eea9415b9a15a5306df5722d4c4e7233fc8c1ea1
                                                                                    • Instruction ID: 3b91874b001344c0658f943144be4fe9e4ff5367617d301409d7b6b0e21bdedd
                                                                                    • Opcode Fuzzy Hash: 51cbaaf0018f5be85d6040b6eea9415b9a15a5306df5722d4c4e7233fc8c1ea1
                                                                                    • Instruction Fuzzy Hash: E601F972650251ABEB54A7B69C8AFFFB2EC9718750F154422FC13E71D3EAB09C4481A4
                                                                                    APIs
                                                                                    • socket.WSOCK32(00000002,00000001,00000006), ref: 00B01276
                                                                                    • WSAGetLastError.WSOCK32 ref: 00B01283
                                                                                    • bind.WSOCK32(00000000,?,00000010), ref: 00B012BA
                                                                                    • WSAGetLastError.WSOCK32 ref: 00B012C5
                                                                                    • closesocket.WSOCK32(00000000), ref: 00B012F4
                                                                                    • listen.WSOCK32(00000000,00000005), ref: 00B01303
                                                                                    • WSAGetLastError.WSOCK32 ref: 00B0130D
                                                                                    • closesocket.WSOCK32(00000000), ref: 00B0133C
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                    • String ID:
                                                                                    • API String ID: 540024437-0
                                                                                    • Opcode ID: ba38ec928b4b33a0d8c8afdc366d59270b205a32d2068a2c6bf2ba908bc8e29d
                                                                                    • Instruction ID: a1aebc5216adb2995f8d11420cccc0a5127f33027ed4e272f202f5520e213c01
                                                                                    • Opcode Fuzzy Hash: ba38ec928b4b33a0d8c8afdc366d59270b205a32d2068a2c6bf2ba908bc8e29d
                                                                                    • Instruction Fuzzy Hash: 2D416D71600100AFD714DF68C588B69BFE5EF46318F588598E8569F2D2C771ED81CBA1
                                                                                    APIs
                                                                                    • _free.LIBCMT ref: 00ABB9D4
                                                                                    • _free.LIBCMT ref: 00ABB9F8
                                                                                    • _free.LIBCMT ref: 00ABBB7F
                                                                                    • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00B23700), ref: 00ABBB91
                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00B5121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00ABBC09
                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00B51270,000000FF,?,0000003F,00000000,?), ref: 00ABBC36
                                                                                    • _free.LIBCMT ref: 00ABBD4B
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                    • String ID:
                                                                                    • API String ID: 314583886-0
                                                                                    • Opcode ID: e52454df7717a7f74418fbf549bfd27a698b6f0e90a84cb057d02ca88fd7bc8c
                                                                                    • Instruction ID: f6f01bacc307bd779328b52db5d2f670b80e0e132159a05bd8d74045396a2c2f
                                                                                    • Opcode Fuzzy Hash: e52454df7717a7f74418fbf549bfd27a698b6f0e90a84cb057d02ca88fd7bc8c
                                                                                    • Instruction Fuzzy Hash: 9DC10371914204AFCB20DF698D51BEABBBCEF46350F14459AE494DB293EBB18E41CB70
                                                                                    APIs
                                                                                      • Part of subcall function 00A83AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A83A97,?,?,00A82E7F,?,?,?,00000000), ref: 00A83AC2
                                                                                      • Part of subcall function 00AEE199: GetFileAttributesW.KERNEL32(?,00AECF95), ref: 00AEE19A
                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 00AED420
                                                                                    • DeleteFileW.KERNEL32(?,?,?,?), ref: 00AED470
                                                                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 00AED481
                                                                                    • FindClose.KERNEL32(00000000), ref: 00AED498
                                                                                    • FindClose.KERNEL32(00000000), ref: 00AED4A1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                    • String ID: \*.*
                                                                                    • API String ID: 2649000838-1173974218
                                                                                    • Opcode ID: 67c5d8d39828dd213384b6cc03f0e89c868a3327b08bacc3335e4eb6ae2d5ccd
                                                                                    • Instruction ID: 6389eb92870ed2a4460581f46f2fb2ae23b88ff0ab0923a6cc9d7d0600328c36
                                                                                    • Opcode Fuzzy Hash: 67c5d8d39828dd213384b6cc03f0e89c868a3327b08bacc3335e4eb6ae2d5ccd
                                                                                    • Instruction Fuzzy Hash: 683160710083859BC305FF64D9958AFB7E8AEA5314F844A1EF4D593191EB30AA09D763
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: __floor_pentium4
                                                                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                    • API String ID: 4168288129-2761157908
                                                                                    APIs
                                                                                    • _wcslen.LIBCMT ref: 00AF64DC
                                                                                    • CoInitialize.OLE32(00000000), ref: 00AF6639
                                                                                    • CoCreateInstance.OLE32(00B1FCF8,00000000,00000001,00B1FB68,?), ref: 00AF6650
                                                                                    • CoUninitialize.OLE32 ref: 00AF68D4
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                    • String ID: .lnk
                                                                                    • API String ID: 886957087-24824748
                                                                                    APIs
                                                                                    • GetForegroundWindow.USER32(?,?,00000000), ref: 00B022E8
                                                                                      • Part of subcall function 00AFE4EC: GetWindowRect.USER32(?,?), ref: 00AFE504
                                                                                    • GetDesktopWindow.USER32 ref: 00B02312
                                                                                    • GetWindowRect.USER32(00000000), ref: 00B02319
                                                                                    • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00B02355
                                                                                    • GetCursorPos.USER32(?), ref: 00B02381
                                                                                    • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00B023DF
                                                                                    Similarity
                                                                                    • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                    • String ID:
                                                                                    • API String ID: 2387181109-0
                                                                                    APIs
                                                                                      • Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD
                                                                                    • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00AF9B78
                                                                                    • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00AF9C8B
                                                                                      • Part of subcall function 00AF3874: GetInputState.USER32 ref: 00AF38CB
                                                                                      • Part of subcall function 00AF3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00AF3966
                                                                                    • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00AF9BA8
                                                                                    • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00AF9C75
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                    • String ID: *.*
                                                                                    • API String ID: 1972594611-438819550
                                                                                    APIs
                                                                                      • Part of subcall function 00A99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A99BB2
                                                                                    • DefDlgProcW.USER32(?,?,?,?,?), ref: 00A99A4E
                                                                                    • GetSysColor.USER32(0000000F), ref: 00A99B23
                                                                                    • SetBkColor.GDI32(?,00000000), ref: 00A99B36
                                                                                    Similarity
                                                                                    • API ID: Color$LongProcWindow
                                                                                    • String ID:
                                                                                    • API String ID: 3131106179-0
                                                                                    APIs
                                                                                      • Part of subcall function 00B0304E: inet_addr.WSOCK32(?), ref: 00B0307A
                                                                                      • Part of subcall function 00B0304E: _wcslen.LIBCMT ref: 00B0309B
                                                                                    • socket.WSOCK32(00000002,00000002,00000011), ref: 00B0185D
                                                                                    • WSAGetLastError.WSOCK32 ref: 00B01884
                                                                                    • bind.WSOCK32(00000000,?,00000010), ref: 00B018DB
                                                                                    • WSAGetLastError.WSOCK32 ref: 00B018E6
                                                                                    • closesocket.WSOCK32(00000000), ref: 00B01915
                                                                                    Similarity
                                                                                    • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                    • String ID:
                                                                                    • API String ID: 1601658205-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                    • String ID:
                                                                                    • API String ID: 292994002-0
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                    • API String ID: 0-1546025612
                                                                                    APIs
                                                                                    • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00AEAAAC
                                                                                    • SetKeyboardState.USER32(00000080), ref: 00AEAAC8
                                                                                    • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00AEAB36
                                                                                    • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00AEAB88
                                                                                    Similarity
                                                                                    • API ID: KeyboardState$InputMessagePostSend
                                                                                    • String ID:
                                                                                    • API String ID: 432972143-0
                                                                                    APIs
                                                                                    • InternetReadFile.WININET(?,?,00000400,?), ref: 00AFCE89
                                                                                    • GetLastError.KERNEL32(?,00000000), ref: 00AFCEEA
                                                                                    • SetEvent.KERNEL32(?,?,00000000), ref: 00AFCEFE
                                                                                    Similarity
                                                                                    • API ID: ErrorEventFileInternetLastRead
                                                                                    • String ID:
                                                                                    • API String ID: 234945975-0
                                                                                    APIs
                                                                                    • lstrlenW.KERNEL32(?,?,?,00000000), ref: 00AE82AA
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: lstrlen
                                                                                    • String ID: ($|
                                                                                    APIs
                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 00AF5CC1
                                                                                    • FindNextFileW.KERNEL32(00000000,?), ref: 00AF5D17
                                                                                    • FindClose.KERNEL32(?), ref: 00AF5D5F
                                                                                    Similarity
                                                                                    • API ID: Find$File$CloseFirstNext
                                                                                    • String ID:
                                                                                    APIs
                                                                                    • IsDebuggerPresent.KERNEL32 ref: 00AB271A
                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00AB2724
                                                                                    • UnhandledExceptionFilter.KERNEL32(?), ref: 00AB2731
                                                                                    Similarity
                                                                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                    • String ID:
                                                                                    APIs
                                                                                    • SetErrorMode.KERNEL32(00000001), ref: 00AF51DA
                                                                                    • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00AF5238
                                                                                    • SetErrorMode.KERNEL32(00000000), ref: 00AF52A1
                                                                                    Similarity
                                                                                    • API ID: ErrorMode$DiskFreeSpace
                                                                                    • String ID:
                                                                                    APIs
                                                                                      • Part of subcall function 00A9FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00AA0668
                                                                                      • Part of subcall function 00A9FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00AA0685
                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00AE170D
                                                                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00AE173A
                                                                                    • GetLastError.KERNEL32 ref: 00AE174A
                                                                                    Similarity
                                                                                    • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                    • String ID:
                                                                                    APIs
                                                                                    • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00AED608
                                                                                    • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00AED645
                                                                                    • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00AED650
                                                                                    Similarity
                                                                                    • API ID: CloseControlCreateDeviceFileHandle
                                                                                    • String ID:
                                                                                    APIs
                                                                                    • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00AE168C
                                                                                    • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00AE16A1
                                                                                    • FreeSid.ADVAPI32(?), ref: 00AE16B1
                                                                                    Similarity
                                                                                    • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                    • String ID:
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: /
                                                                                    APIs
                                                                                    • GetUserNameW.ADVAPI32(?,?), ref: 00ADD28C
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: NameUser
                                                                                    • String ID: X64
                                                                                    APIs
                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 00AF6918
                                                                                    • FindClose.KERNEL32(00000000), ref: 00AF6961
                                                                                    Similarity
                                                                                    • API ID: Find$CloseFileFirst
                                                                                    • String ID:
                                                                                    • API String ID: 2295610775-0
                                                                                    APIs
                                                                                    • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00B04891,?,?,00000035,?), ref: 00AF37E4
                                                                                    • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00B04891,?,?,00000035,?), ref: 00AF37F4
                                                                                    Similarity
                                                                                    • API ID: ErrorFormatLastMessage
                                                                                    • String ID:
                                                                                    • API String ID: 3479602957-0
                                                                                    APIs
                                                                                    • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00AEB25D
                                                                                    • keybd_event.USER32(?,75A8C0D0,?,00000000), ref: 00AEB270
                                                                                    Similarity
                                                                                    • API ID: InputSendkeybd_event
                                                                                    • String ID:
                                                                                    • API String ID: 3536248340-0
                                                                                    APIs
                                                                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00AE11FC), ref: 00AE10D4
                                                                                    • CloseHandle.KERNEL32(?,?,00AE11FC), ref: 00AE10E9
                                                                                    Similarity
                                                                                    • API ID: AdjustCloseHandlePrivilegesToken
                                                                                    • String ID:
                                                                                    • API String ID: 81990902-0
                                                                                    Strings
                                                                                    • Variable is not of type 'Object'., xrefs: 00AD0C40
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Variable is not of type 'Object'.
                                                                                    • API String ID: 0-1840281001
                                                                                    APIs
                                                                                    • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00AB6766,?,?,00000008,?,?,00ABFEFE,00000000), ref: 00AB6998
                                                                                    Similarity
                                                                                    • API ID: ExceptionRaise
                                                                                    • String ID:
                                                                                    • API String ID: 3997070919-0
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID: 0-3916222277
                                                                                    APIs
                                                                                    • BlockInput.USER32(00000001), ref: 00AFEABD
                                                                                    Similarity
                                                                                    • API ID: BlockInput
                                                                                    • String ID:
                                                                                    • API String ID: 3456056419-0
                                                                                    APIs
                                                                                    • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00AA03EE), ref: 00AA09DA
                                                                                    Similarity
                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                    • String ID:
                                                                                    • API String ID: 3192549508-0
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 0
                                                                                    • API String ID: 0-4108050209
                                                                                    • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                    • Instruction ID: 36071676543707f8f74878427c837d6691ef61e1d017ca905ae6f8476c02bf0f
                                                                                    • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                    • Instruction Fuzzy Hash: 5551557260C7056BDB3887688D5EBBF63A99B0B340F18051BD886D72C2CB1DDE85D356
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 95ee080141789b6b802c942246ef3edc073ae1d853912c57b0a76b69b3789f3e
                                                                                    • Instruction ID: 2cccfcec255029e85f56d26afc1bac7bf817e3db9d046ed82912cf5df2423e46
                                                                                    • Opcode Fuzzy Hash: 95ee080141789b6b802c942246ef3edc073ae1d853912c57b0a76b69b3789f3e
                                                                                    • Instruction Fuzzy Hash: AB320022D29F414DD7339634C822339A65DAFB73C5F15D737E81AB69AAEF69C4834100
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    APIs
                                                                                    • DeleteObject.GDI32(00000000), ref: 00B02B30
                                                                                    • DeleteObject.GDI32(00000000), ref: 00B02B43
                                                                                    • DestroyWindow.USER32 ref: 00B02B52
                                                                                    • GetDesktopWindow.USER32 ref: 00B02B6D
                                                                                    • GetWindowRect.USER32(00000000), ref: 00B02B74
                                                                                    • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00B02CA3
                                                                                    • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00B02CB1
                                                                                    • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B02CF8
                                                                                    • GetClientRect.USER32(00000000,?), ref: 00B02D04
                                                                                    • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00B02D40
                                                                                    • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B02D62
                                                                                    • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B02D75
                                                                                    • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B02D80
                                                                                    • GlobalLock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B02D89
                                                                                    • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B02D98
                                                                                    • GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B02DA1
                                                                                    • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B02DA8
                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00B02DB3
                                                                                    • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B02DC5
                                                                                    • OleLoadPicture.OLEAUT32(?,00000000,00000000,00B1FC38,00000000), ref: 00B02DDB
                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00B02DEB
                                                                                    • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00B02E11
                                                                                    • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00B02E30
                                                                                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B02E52
                                                                                    • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B0303F
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                    • String ID: $AutoIt v3$DISPLAY$static
                                                                                    APIs
                                                                                    • SetTextColor.GDI32(?,00000000), ref: 00B1712F
                                                                                    • GetSysColorBrush.USER32(0000000F), ref: 00B17160
                                                                                    • GetSysColor.USER32(0000000F), ref: 00B1716C
                                                                                    • SetBkColor.GDI32(?,000000FF), ref: 00B17186
                                                                                    • SelectObject.GDI32(?,?), ref: 00B17195
                                                                                    • InflateRect.USER32(?,000000FF,000000FF), ref: 00B171C0
                                                                                    • GetSysColor.USER32(00000010), ref: 00B171C8
                                                                                    • CreateSolidBrush.GDI32(00000000), ref: 00B171CF
                                                                                    • FrameRect.USER32(?,?,00000000), ref: 00B171DE
                                                                                    • DeleteObject.GDI32(00000000), ref: 00B171E5
                                                                                    • InflateRect.USER32(?,000000FE,000000FE), ref: 00B17230
                                                                                    • FillRect.USER32(?,?,?), ref: 00B17262
                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00B17284
                                                                                      • Part of subcall function 00B173E8: GetSysColor.USER32(00000012), ref: 00B17421
                                                                                      • Part of subcall function 00B173E8: SetTextColor.GDI32(?,?), ref: 00B17425
                                                                                      • Part of subcall function 00B173E8: GetSysColorBrush.USER32(0000000F), ref: 00B1743B
                                                                                      • Part of subcall function 00B173E8: GetSysColor.USER32(0000000F), ref: 00B17446
                                                                                      • Part of subcall function 00B173E8: GetSysColor.USER32(00000011), ref: 00B17463
                                                                                      • Part of subcall function 00B173E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00B17471
                                                                                      • Part of subcall function 00B173E8: SelectObject.GDI32(?,00000000), ref: 00B17482
                                                                                      • Part of subcall function 00B173E8: SetBkColor.GDI32(?,00000000), ref: 00B1748B
                                                                                      • Part of subcall function 00B173E8: SelectObject.GDI32(?,?), ref: 00B17498
                                                                                      • Part of subcall function 00B173E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00B174B7
                                                                                      • Part of subcall function 00B173E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00B174CE
                                                                                      • Part of subcall function 00B173E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00B174DB
                                                                                    Similarity
                                                                                    • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                    APIs
                                                                                    • DestroyWindow.USER32(?,?), ref: 00A98E14
                                                                                    • SendMessageW.USER32(?,00001308,?,00000000), ref: 00AD6AC5
                                                                                    • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00AD6AFE
                                                                                    • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00AD6F43
                                                                                      • Part of subcall function 00A98F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00A98BE8,?,00000000,?,?,?,?,00A98BBA,00000000,?), ref: 00A98FC5
                                                                                    • SendMessageW.USER32(?,00001053), ref: 00AD6F7F
                                                                                    • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00AD6F96
                                                                                    • ImageList_Destroy.COMCTL32(00000000,?), ref: 00AD6FAC
                                                                                    • ImageList_Destroy.COMCTL32(00000000,?), ref: 00AD6FB7
                                                                                    Similarity
                                                                                    • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                    • String ID: 0
                                                                                    APIs
                                                                                    • DestroyWindow.USER32(00000000), ref: 00B0273E
                                                                                    • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00B0286A
                                                                                    • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00B028A9
                                                                                    • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00B028B9
                                                                                    • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00B02900
                                                                                    • GetClientRect.USER32(00000000,?), ref: 00B0290C
                                                                                    • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00B02955
                                                                                    • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00B02964
                                                                                    • GetStockObject.GDI32(00000011), ref: 00B02974
                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00B02978
                                                                                    • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00B02988
                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B02991
                                                                                    • DeleteDC.GDI32(00000000), ref: 00B0299A
                                                                                    • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00B029C6
                                                                                    • SendMessageW.USER32(00000030,00000000,00000001), ref: 00B029DD
                                                                                    • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00B02A1D
                                                                                    • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00B02A31
                                                                                    • SendMessageW.USER32(00000404,00000001,00000000), ref: 00B02A42
                                                                                    • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00B02A77
                                                                                    • GetStockObject.GDI32(00000011), ref: 00B02A82
                                                                                    • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00B02A8D
                                                                                    • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00B02A97
                                                                                    Similarity
                                                                                    • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                    • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                    APIs
                                                                                    • SetErrorMode.KERNEL32(00000001), ref: 00AF4AED
                                                                                    • GetDriveTypeW.KERNEL32(?,00B1CB68,?,\\.\,00B1CC08), ref: 00AF4BCA
                                                                                    • SetErrorMode.KERNEL32(00000000,00B1CB68,?,\\.\,00B1CC08), ref: 00AF4D36
                                                                                    Similarity
                                                                                    • API ID: ErrorMode$DriveType
                                                                                    • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                    APIs
                                                                                    • GetSysColor.USER32(00000012), ref: 00B17421
                                                                                    • SetTextColor.GDI32(?,?), ref: 00B17425
                                                                                    • GetSysColorBrush.USER32(0000000F), ref: 00B1743B
                                                                                    • GetSysColor.USER32(0000000F), ref: 00B17446
                                                                                    • CreateSolidBrush.GDI32(?), ref: 00B1744B
                                                                                    • GetSysColor.USER32(00000011), ref: 00B17463
                                                                                    • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00B17471
                                                                                    • SelectObject.GDI32(?,00000000), ref: 00B17482
                                                                                    • SetBkColor.GDI32(?,00000000), ref: 00B1748B
                                                                                    • SelectObject.GDI32(?,?), ref: 00B17498
                                                                                    • InflateRect.USER32(?,000000FF,000000FF), ref: 00B174B7
                                                                                    • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00B174CE
                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00B174DB
                                                                                    • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00B1752A
                                                                                    • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00B17554
                                                                                    • InflateRect.USER32(?,000000FD,000000FD), ref: 00B17572
                                                                                    • DrawFocusRect.USER32(?,?), ref: 00B1757D
                                                                                    • GetSysColor.USER32(00000011), ref: 00B1758E
                                                                                    • SetTextColor.GDI32(?,00000000), ref: 00B17596
                                                                                    • DrawTextW.USER32(?,00B170F5,000000FF,?,00000000), ref: 00B175A8
                                                                                    • SelectObject.GDI32(?,?), ref: 00B175BF
                                                                                    • DeleteObject.GDI32(?), ref: 00B175CA
                                                                                    • SelectObject.GDI32(?,?), ref: 00B175D0
                                                                                    • DeleteObject.GDI32(?), ref: 00B175D5
                                                                                    • SetTextColor.GDI32(?,?), ref: 00B175DB
                                                                                    • SetBkColor.GDI32(?,?), ref: 00B175E5
                                                                                    Similarity
                                                                                    • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                    APIs
                                                                                    • GetCursorPos.USER32(?), ref: 00B11128
                                                                                    • GetDesktopWindow.USER32 ref: 00B1113D
                                                                                    • GetWindowRect.USER32(00000000), ref: 00B11144
                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00B11199
                                                                                    • DestroyWindow.USER32(?), ref: 00B111B9
                                                                                    • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00B111ED
                                                                                    • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00B1120B
                                                                                    • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00B1121D
                                                                                    • SendMessageW.USER32(00000000,00000421,?,?), ref: 00B11232
                                                                                    • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00B11245
                                                                                    • IsWindowVisible.USER32(00000000), ref: 00B112A1
                                                                                    • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00B112BC
                                                                                    • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00B112D0
                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00B112E8
                                                                                    • MonitorFromPoint.USER32(?,?,00000002), ref: 00B1130E
                                                                                    • GetMonitorInfoW.USER32(00000000,?), ref: 00B11328
                                                                                    • CopyRect.USER32(?,?), ref: 00B1133F
                                                                                    • SendMessageW.USER32(00000000,00000412,00000000), ref: 00B113AA
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                    • String ID: ($0$tooltips_class32
                                                                                    • API String ID: 698492251-4156429822
                                                                                    • Opcode ID: 61546cc84ab6ce67390fc6e5fed97a534542c60d0ea1000c209956d57b5879a9
                                                                                    • Instruction ID: 36c76d7c6fe2e35d55136b50c7b14d2c49946b01c6232ddb803493fd5f7228a2
                                                                                    • Opcode Fuzzy Hash: 61546cc84ab6ce67390fc6e5fed97a534542c60d0ea1000c209956d57b5879a9
                                                                                    • Instruction Fuzzy Hash: 5AB19E71604341AFD704DF68C985BAEBBE4FF88750F408958FA999B2A1CB31DC44CBA1
                                                                                    APIs
                                                                                    • CharUpperBuffW.USER32(?,?), ref: 00B102E5
                                                                                    • _wcslen.LIBCMT ref: 00B1031F
                                                                                    • _wcslen.LIBCMT ref: 00B10389
                                                                                    • _wcslen.LIBCMT ref: 00B103F1
                                                                                    • _wcslen.LIBCMT ref: 00B10475
                                                                                    • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00B104C5
                                                                                    • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00B10504
                                                                                      • Part of subcall function 00A9F9F2: _wcslen.LIBCMT ref: 00A9F9FD
                                                                                      • Part of subcall function 00AE223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00AE2258
                                                                                      • Part of subcall function 00AE223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00AE228A
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                    • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                    • API String ID: 1103490817-719923060
                                                                                    • Opcode ID: 4bd7993f96bb95a50c869e124eccfad9a97fc44772cbe197e874c4b27d184596
                                                                                    • Instruction ID: 0a77face2f4fa4aec55a1eaa64f0884f4394e91ed08418d18ba247c0935edba7
                                                                                    • Opcode Fuzzy Hash: 4bd7993f96bb95a50c869e124eccfad9a97fc44772cbe197e874c4b27d184596
                                                                                    • Instruction Fuzzy Hash: C5E1C2312282018FC714EF24C5909AAB7E6FFD8714B94499CF8969B3A1DB70EDC5CB51
                                                                                    APIs
                                                                                    • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00A98968
                                                                                    • GetSystemMetrics.USER32(00000007), ref: 00A98970
                                                                                    • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00A9899B
                                                                                    • GetSystemMetrics.USER32(00000008), ref: 00A989A3
                                                                                    • GetSystemMetrics.USER32(00000004), ref: 00A989C8
                                                                                    • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00A989E5
                                                                                    • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00A989F5
                                                                                    • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00A98A28
                                                                                    • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00A98A3C
                                                                                    • GetClientRect.USER32(00000000,000000FF), ref: 00A98A5A
                                                                                    • GetStockObject.GDI32(00000011), ref: 00A98A76
                                                                                    • SendMessageW.USER32(00000000,00000030,00000000), ref: 00A98A81
                                                                                      • Part of subcall function 00A9912D: GetCursorPos.USER32(?), ref: 00A99141
                                                                                      • Part of subcall function 00A9912D: ScreenToClient.USER32(00000000,?), ref: 00A9915E
                                                                                      • Part of subcall function 00A9912D: GetAsyncKeyState.USER32(00000001), ref: 00A99183
                                                                                      • Part of subcall function 00A9912D: GetAsyncKeyState.USER32(00000002), ref: 00A9919D
                                                                                    • SetTimer.USER32(00000000,00000000,00000028,00A990FC), ref: 00A98AA8
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                    • String ID: AutoIt v3 GUI
                                                                                    • API String ID: 1458621304-248962490
                                                                                    • Opcode ID: cbb68c01de623015d40f64880b3e00c46bcdd138b521046526d7ad059d4ea7f4
                                                                                    • Instruction ID: 7f5d2e9f72d1df0a4983efe84fbd597f26768798f4b8c47dc79b7b0c5b4b082a
                                                                                    • Opcode Fuzzy Hash: cbb68c01de623015d40f64880b3e00c46bcdd138b521046526d7ad059d4ea7f4
                                                                                    • Instruction Fuzzy Hash: E7B16C71A40209AFDF14DFA8CD45BEE3BF5FB48315F10856AFA16A7290DB34A841CB50
                                                                                    APIs
                                                                                      • Part of subcall function 00AE10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00AE1114
                                                                                      • Part of subcall function 00AE10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00AE0B9B,?,?,?), ref: 00AE1120
                                                                                      • Part of subcall function 00AE10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00AE0B9B,?,?,?), ref: 00AE112F
                                                                                      • Part of subcall function 00AE10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00AE0B9B,?,?,?), ref: 00AE1136
                                                                                      • Part of subcall function 00AE10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00AE114D
                                                                                    • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00AE0DF5
                                                                                    • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00AE0E29
                                                                                    • GetLengthSid.ADVAPI32(?), ref: 00AE0E40
                                                                                    • GetAce.ADVAPI32(?,00000000,?), ref: 00AE0E7A
                                                                                    • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00AE0E96
                                                                                    • GetLengthSid.ADVAPI32(?), ref: 00AE0EAD
                                                                                    • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00AE0EB5
                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 00AE0EBC
                                                                                    • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00AE0EDD
                                                                                    • CopySid.ADVAPI32(00000000), ref: 00AE0EE4
                                                                                    • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00AE0F13
                                                                                    • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00AE0F35
                                                                                    • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00AE0F47
                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00AE0F6E
                                                                                    • HeapFree.KERNEL32(00000000), ref: 00AE0F75
                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00AE0F7E
                                                                                    • HeapFree.KERNEL32(00000000), ref: 00AE0F85
                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00AE0F8E
                                                                                    • HeapFree.KERNEL32(00000000), ref: 00AE0F95
                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 00AE0FA1
                                                                                    • HeapFree.KERNEL32(00000000), ref: 00AE0FA8
                                                                                      • Part of subcall function 00AE1193: GetProcessHeap.KERNEL32(00000008,00AE0BB1,?,00000000,?,00AE0BB1,?), ref: 00AE11A1
                                                                                      • Part of subcall function 00AE1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00AE0BB1,?), ref: 00AE11A8
                                                                                      • Part of subcall function 00AE1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00AE0BB1,?), ref: 00AE11B7
                                                                                    Similarity
                                                                                    • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                    • String ID:
                                                                                    • API String ID: 4175595110-0
                                                                                    • Opcode ID: 580e6f562cc295c66c843e4d46a42da7f810d4f0c1a15c65fd50a88fd5b766b7
                                                                                    • Instruction ID: 5580bcdc49d0f757909d8c1cebcad1b28946db06283d7b4ae86d51dd22fd186a
                                                                                    • Opcode Fuzzy Hash: 580e6f562cc295c66c843e4d46a42da7f810d4f0c1a15c65fd50a88fd5b766b7
                                                                                    • Instruction Fuzzy Hash: CA717B7294024AABDB209FA5DC48FEEBBB8BF08300F148115F959E7191DB709E55CB60
                                                                                    APIs
                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B0C4BD
                                                                                    • RegCreateKeyExW.ADVAPI32(?,?,00000000,00B1CC08,00000000,?,00000000,?,?), ref: 00B0C544
                                                                                    • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00B0C5A4
                                                                                    • _wcslen.LIBCMT ref: 00B0C5F4
                                                                                    • _wcslen.LIBCMT ref: 00B0C66F
                                                                                    • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00B0C6B2
                                                                                    • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00B0C7C1
                                                                                    • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00B0C84D
                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00B0C881
                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00B0C88E
                                                                                    • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00B0C960
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                    • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                    • API String ID: 9721498-966354055
                                                                                    • Opcode ID: 7dd9eff427081be45b802f100d2cbd1c395ec77cf65ff5910be650124176e3d0
                                                                                    • Instruction ID: ca5ab5113f6a5354c19319ee68ccea4a9315b43483174edfa740231d19ae225d
                                                                                    • Opcode Fuzzy Hash: 7dd9eff427081be45b802f100d2cbd1c395ec77cf65ff5910be650124176e3d0
                                                                                    • Instruction Fuzzy Hash: 181269356042019FDB14EF14C981A2ABBE5FF88714F14899CF89A9B3A2DB31FD41CB95
                                                                                    APIs
                                                                                    • CharUpperBuffW.USER32(?,?), ref: 00B109C6
                                                                                    • _wcslen.LIBCMT ref: 00B10A01
                                                                                    • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00B10A54
                                                                                    • _wcslen.LIBCMT ref: 00B10A8A
                                                                                    • _wcslen.LIBCMT ref: 00B10B06
                                                                                    • _wcslen.LIBCMT ref: 00B10B81
                                                                                      • Part of subcall function 00A9F9F2: _wcslen.LIBCMT ref: 00A9F9FD
                                                                                      • Part of subcall function 00AE2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00AE2BFA
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                    • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                    • API String ID: 1103490817-4258414348
                                                                                    • Opcode ID: 0e269150fd342cf76365a0d2f9f27fca3bfe8d5a49fb774ac847393a8305c68b
                                                                                    • Instruction ID: 0d91e5beded7437b4d56776ff64acdfc1b132441ba983bb82e9cfbe63e362c70
                                                                                    • Opcode Fuzzy Hash: 0e269150fd342cf76365a0d2f9f27fca3bfe8d5a49fb774ac847393a8305c68b
                                                                                    • Instruction Fuzzy Hash: 3BE1AF312283418FCB14EF24C59096AB7E1FF98314F94899DF8969B362DB70ED85CB91
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: _wcslen$BuffCharUpper
                                                                                    • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                    • API String ID: 1256254125-909552448
                                                                                    • Opcode ID: 782b0024cbd1fc9c6cb47b2810e48cc5fc2768cb721c49f9bdded7a34ec4f72c
                                                                                    • Instruction ID: f61031300e11efba1ca26e588e472f23d4fae8c92f01c0ecb75d87bb3eccf6f6
                                                                                    • Opcode Fuzzy Hash: 782b0024cbd1fc9c6cb47b2810e48cc5fc2768cb721c49f9bdded7a34ec4f72c
                                                                                    • Instruction Fuzzy Hash: 2871E13360016A8BDB20DF6CC9415BB3FD5EBA1750B6507A8F866972D8EB30CE45D3A0
                                                                                    APIs
                                                                                    • _wcslen.LIBCMT ref: 00B1835A
                                                                                    • _wcslen.LIBCMT ref: 00B1836E
                                                                                    • _wcslen.LIBCMT ref: 00B18391
                                                                                    • _wcslen.LIBCMT ref: 00B183B4
                                                                                    • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00B183F2
                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00B15BF2), ref: 00B1844E
                                                                                    • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00B18487
                                                                                    • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00B184CA
                                                                                    • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00B18501
                                                                                    • FreeLibrary.KERNEL32(?), ref: 00B1850D
                                                                                    • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00B1851D
                                                                                    • DestroyIcon.USER32(?,?,?,?,?,00B15BF2), ref: 00B1852C
                                                                                    • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00B18549
                                                                                    • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00B18555
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                    • String ID: .dll$.exe$.icl
                                                                                    • API String ID: 799131459-1154884017
                                                                                    • Opcode ID: 6b9e146e384dca60765044d0ad9f27ea82be78c2dbbd3cee56ff4e67cb8e4922
                                                                                    • Instruction ID: 29e6ed438dbe608c480323990dcc36ac5822c26489e369eab03f4ee408bde6b4
                                                                                    • Opcode Fuzzy Hash: 6b9e146e384dca60765044d0ad9f27ea82be78c2dbbd3cee56ff4e67cb8e4922
                                                                                    • Instruction Fuzzy Hash: EB61CF71540205BAEB14DF64DC81BFE7BA8FB18B11F508649F815D71D1DFB4AA90CBA0
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                    • API String ID: 0-1645009161
                                                                                    • Opcode ID: 706a94cbfec9bd9885e700d0090b07875ab48864b72b68be4f969ac94a47e338
                                                                                    • Instruction ID: 6b4dcbba685b4aae6d6ef73fdf8841f87a23eeb22aecdf7522661659f3f08898
                                                                                    • Opcode Fuzzy Hash: 706a94cbfec9bd9885e700d0090b07875ab48864b72b68be4f969ac94a47e338
                                                                                    • Instruction Fuzzy Hash: 9C81D071A44605BBDB20BF60CD42FAF7BB8AF15300F154068F805AB1D6EB74EA91C7A1
                                                                                    APIs
                                                                                    • CharLowerBuffW.USER32(?,?), ref: 00AF3EF8
                                                                                    • _wcslen.LIBCMT ref: 00AF3F03
                                                                                    • _wcslen.LIBCMT ref: 00AF3F5A
                                                                                    • _wcslen.LIBCMT ref: 00AF3F98
                                                                                    • GetDriveTypeW.KERNEL32(?), ref: 00AF3FD6
                                                                                    • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00AF401E
                                                                                    • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00AF4059
                                                                                    • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00AF4087
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                    • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                    • API String ID: 1839972693-4113822522
                                                                                    • Opcode ID: 02ce18d7ca4d04462a49f861ade83d91702b28cce1ceab91d1775d75a4684af6
                                                                                    • Instruction ID: b9e938064f59cbf9ed921c97bd564fad0dc61479abd496abb8357e2b3859fa43
                                                                                    • Opcode Fuzzy Hash: 02ce18d7ca4d04462a49f861ade83d91702b28cce1ceab91d1775d75a4684af6
                                                                                    • Instruction Fuzzy Hash: F171CD32A042069FC710EF24C98197BB7F4EF99758F00492DFA9697261EB30DE45CB92
                                                                                    APIs
                                                                                    • LoadIconW.USER32(00000063), ref: 00AE5A2E
                                                                                    • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00AE5A40
                                                                                    • SetWindowTextW.USER32(?,?), ref: 00AE5A57
                                                                                    • GetDlgItem.USER32(?,000003EA), ref: 00AE5A6C
                                                                                    • SetWindowTextW.USER32(00000000,?), ref: 00AE5A72
                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 00AE5A82
                                                                                    • SetWindowTextW.USER32(00000000,?), ref: 00AE5A88
                                                                                    • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00AE5AA9
                                                                                    • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00AE5AC3
                                                                                    • GetWindowRect.USER32(?,?), ref: 00AE5ACC
                                                                                    • _wcslen.LIBCMT ref: 00AE5B33
                                                                                    • SetWindowTextW.USER32(?,?), ref: 00AE5B6F
                                                                                    • GetDesktopWindow.USER32 ref: 00AE5B75
                                                                                    • GetWindowRect.USER32(00000000), ref: 00AE5B7C
                                                                                    • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00AE5BD3
                                                                                    • GetClientRect.USER32(?,?), ref: 00AE5BE0
                                                                                    • PostMessageW.USER32(?,00000005,00000000,?), ref: 00AE5C05
                                                                                    • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00AE5C2F
                                                                                    Similarity
                                                                                    • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                    • String ID:
                                                                                    • API String ID: 895679908-0
                                                                                    • Opcode ID: d69c05e5c3708ba00e86ebb76acd45ac9aa233596fd33451fd400d0ab00a630e
                                                                                    • Instruction ID: c3ed702d0f3d9a3039073a7642d0487925b6fb6e64666b79552a15f56a423bcf
                                                                                    • Opcode Fuzzy Hash: d69c05e5c3708ba00e86ebb76acd45ac9aa233596fd33451fd400d0ab00a630e
                                                                                    • Instruction Fuzzy Hash: 4A715D31900B49AFDB20DFB9DE85AAEBBF5FF48708F104518E542A35A0DB75E944CB50
                                                                                    APIs
                                                                                    • LoadCursorW.USER32(00000000,00007F89), ref: 00AFFE27
                                                                                    • LoadCursorW.USER32(00000000,00007F8A), ref: 00AFFE32
                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 00AFFE3D
                                                                                    • LoadCursorW.USER32(00000000,00007F03), ref: 00AFFE48
                                                                                    • LoadCursorW.USER32(00000000,00007F8B), ref: 00AFFE53
                                                                                    • LoadCursorW.USER32(00000000,00007F01), ref: 00AFFE5E
                                                                                    • LoadCursorW.USER32(00000000,00007F81), ref: 00AFFE69
                                                                                    • LoadCursorW.USER32(00000000,00007F88), ref: 00AFFE74
                                                                                    • LoadCursorW.USER32(00000000,00007F80), ref: 00AFFE7F
                                                                                    • LoadCursorW.USER32(00000000,00007F86), ref: 00AFFE8A
                                                                                    • LoadCursorW.USER32(00000000,00007F83), ref: 00AFFE95
                                                                                    • LoadCursorW.USER32(00000000,00007F85), ref: 00AFFEA0
                                                                                    • LoadCursorW.USER32(00000000,00007F82), ref: 00AFFEAB
                                                                                    • LoadCursorW.USER32(00000000,00007F84), ref: 00AFFEB6
                                                                                    • LoadCursorW.USER32(00000000,00007F04), ref: 00AFFEC1
                                                                                    • LoadCursorW.USER32(00000000,00007F02), ref: 00AFFECC
                                                                                    • GetCursorInfo.USER32(?), ref: 00AFFEDC
                                                                                    • GetLastError.KERNEL32 ref: 00AFFF1E
                                                                                    Similarity
                                                                                    • API ID: Cursor$Load$ErrorInfoLast
                                                                                    • String ID:
                                                                                    • API String ID: 3215588206-0
                                                                                    • Opcode ID: 6d15f25c2c41ccaee6fb90310c070c3be2ec058f426e0eb6fef4479af3602b17
                                                                                    • Instruction ID: 4379941068ccfc1d76dfbb101ac3fab2477320f40f762b4872c3d35bfed16523
                                                                                    • Opcode Fuzzy Hash: 6d15f25c2c41ccaee6fb90310c070c3be2ec058f426e0eb6fef4479af3602b17
                                                                                    • Instruction Fuzzy Hash: 914144B0D443196EDB109FBA8C8586EBFE8FF04754B50852AF11DE7291DB789901CF91
                                                                                    APIs
                                                                                    • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00AA00C6
                                                                                      • Part of subcall function 00AA00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00B5070C,00000FA0,D78B3D22,?,?,?,?,00AC23B3,000000FF), ref: 00AA011C
                                                                                      • Part of subcall function 00AA00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00AC23B3,000000FF), ref: 00AA0127
                                                                                      • Part of subcall function 00AA00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00AC23B3,000000FF), ref: 00AA0138
                                                                                      • Part of subcall function 00AA00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00AA014E
                                                                                      • Part of subcall function 00AA00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00AA015C
                                                                                      • Part of subcall function 00AA00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00AA016A
                                                                                      • Part of subcall function 00AA00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00AA0195
                                                                                      • Part of subcall function 00AA00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00AA01A0
                                                                                    • ___scrt_fastfail.LIBCMT ref: 00AA00E7
                                                                                      • Part of subcall function 00AA00A3: __onexit.LIBCMT ref: 00AA00A9
                                                                                    Strings
                                                                                    • WakeAllConditionVariable, xrefs: 00AA0162
                                                                                    • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00AA0122
                                                                                    • SleepConditionVariableCS, xrefs: 00AA0154
                                                                                    • kernel32.dll, xrefs: 00AA0133
                                                                                    • InitializeConditionVariable, xrefs: 00AA0148
                                                                                    Similarity
                                                                                    • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                    • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                    • API String ID: 66158676-1714406822
                                                                                    • Opcode ID: 6884776bada938eb51a3e19e87eb8e0559789972622ec0947303c8f16696194c
                                                                                    • Instruction ID: 79abcac19d06b2f2bd67a667436abab71b1a80dc5d3b22565183389b89791149
                                                                                    • Opcode Fuzzy Hash: 6884776bada938eb51a3e19e87eb8e0559789972622ec0947303c8f16696194c
                                                                                    • Instruction Fuzzy Hash: 4C21A7326847116FDB116B64BD46FF937E4EB46F51F404679F805E72E1DF649C008A90
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: _wcslen
                                                                                    • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                    • API String ID: 176396367-1603158881
                                                                                    APIs
                                                                                    • CharLowerBuffW.USER32(00000000,00000000,00B1CC08), ref: 00AF4527
                                                                                    • _wcslen.LIBCMT ref: 00AF453B
                                                                                    • _wcslen.LIBCMT ref: 00AF4599
                                                                                    • _wcslen.LIBCMT ref: 00AF45F4
                                                                                    • _wcslen.LIBCMT ref: 00AF463F
                                                                                    • _wcslen.LIBCMT ref: 00AF46A7
                                                                                      • Part of subcall function 00A9F9F2: _wcslen.LIBCMT ref: 00A9F9FD
                                                                                    • GetDriveTypeW.KERNEL32(?,00B46BF0,00000061), ref: 00AF4743
                                                                                    Similarity
                                                                                    • API ID: _wcslen$BuffCharDriveLowerType
                                                                                    • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                    • API String ID: 2055661098-1000479233
                                                                                    APIs
                                                                                    • _wcslen.LIBCMT ref: 00B0B198
                                                                                    • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00B0B1B0
                                                                                    • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00B0B1D4
                                                                                    • _wcslen.LIBCMT ref: 00B0B200
                                                                                    • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00B0B214
                                                                                    • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00B0B236
                                                                                    • _wcslen.LIBCMT ref: 00B0B332
                                                                                      • Part of subcall function 00AF05A7: GetStdHandle.KERNEL32(000000F6), ref: 00AF05C6
                                                                                    • _wcslen.LIBCMT ref: 00B0B34B
                                                                                    • _wcslen.LIBCMT ref: 00B0B366
                                                                                    • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00B0B3B6
                                                                                    • GetLastError.KERNEL32(00000000), ref: 00B0B407
                                                                                    • CloseHandle.KERNEL32(?), ref: 00B0B439
                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00B0B44A
                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00B0B45C
                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00B0B46E
                                                                                    • CloseHandle.KERNEL32(?), ref: 00B0B4E3
                                                                                    Similarity
                                                                                    • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                    • String ID:
                                                                                    • API String ID: 2178637699-0
                                                                                    APIs
                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll,?,00B1CC08), ref: 00B040BB
                                                                                    • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00B040CD
                                                                                    • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00B1CC08), ref: 00B040F2
                                                                                    • FreeLibrary.KERNEL32(00000000,?,00B1CC08), ref: 00B0413E
                                                                                    • StringFromGUID2.OLE32(?,?,00000028,?,00B1CC08), ref: 00B041A8
                                                                                    • SysFreeString.OLEAUT32(00000009), ref: 00B04262
                                                                                    • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00B042C8
                                                                                    • SysFreeString.OLEAUT32(?), ref: 00B042F2
                                                                                    Similarity
                                                                                    • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                                    • String ID: GetModuleHandleExW$kernel32.dll
                                                                                    • API String ID: 354098117-199464113
                                                                                    APIs
                                                                                    • GetMenuItemCount.USER32(00B51990), ref: 00AC2F8D
                                                                                    • GetMenuItemCount.USER32(00B51990), ref: 00AC303D
                                                                                    • GetCursorPos.USER32(?), ref: 00AC3081
                                                                                    • SetForegroundWindow.USER32(00000000), ref: 00AC308A
                                                                                    • TrackPopupMenuEx.USER32(00B51990,00000000,?,00000000,00000000,00000000), ref: 00AC309D
                                                                                    • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00AC30A9
                                                                                    Similarity
                                                                                    • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                    • String ID: 0
                                                                                    • API String ID: 36266755-4108050209
                                                                                    APIs
                                                                                    • DestroyWindow.USER32(00000000,?), ref: 00B16DEB
                                                                                      • Part of subcall function 00A86B57: _wcslen.LIBCMT ref: 00A86B6A
                                                                                    • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00B16E5F
                                                                                    • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00B16E81
                                                                                    • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00B16E94
                                                                                    • DestroyWindow.USER32(?), ref: 00B16EB5
                                                                                    • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00A80000,00000000), ref: 00B16EE4
                                                                                    • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00B16EFD
                                                                                    • GetDesktopWindow.USER32 ref: 00B16F16
                                                                                    • GetWindowRect.USER32(00000000), ref: 00B16F1D
                                                                                    • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00B16F35
                                                                                    • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00B16F4D
                                                                                      • Part of subcall function 00A99944: GetWindowLongW.USER32(?,000000EB), ref: 00A99952
                                                                                    Similarity
                                                                                    • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                    • String ID: 0$tooltips_class32
                                                                                    • API String ID: 2429346358-3619404913
                                                                                    APIs
                                                                                      • Part of subcall function 00A99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A99BB2
                                                                                    • DragQueryPoint.SHELL32(?,?), ref: 00B19147
                                                                                      • Part of subcall function 00B17674: ClientToScreen.USER32(?,?), ref: 00B1769A
                                                                                      • Part of subcall function 00B17674: GetWindowRect.USER32(?,?), ref: 00B17710
                                                                                      • Part of subcall function 00B17674: PtInRect.USER32(?,?,00B18B89), ref: 00B17720
                                                                                    • SendMessageW.USER32(?,000000B0,?,?), ref: 00B191B0
                                                                                    • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00B191BB
                                                                                    • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00B191DE
                                                                                    • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00B19225
                                                                                    • SendMessageW.USER32(?,000000B0,?,?), ref: 00B1923E
                                                                                    • SendMessageW.USER32(?,000000B1,?,?), ref: 00B19255
                                                                                    • SendMessageW.USER32(?,000000B1,?,?), ref: 00B19277
                                                                                    • DragFinish.SHELL32(?), ref: 00B1927E
                                                                                    • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00B19371
                                                                                    Similarity
                                                                                    • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                    • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                    • API String ID: 221274066-3440237614
                                                                                    APIs
                                                                                    • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00AFC4B0
                                                                                    • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00AFC4C3
                                                                                    • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00AFC4D7
                                                                                    • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00AFC4F0
                                                                                    • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00AFC533
                                                                                    • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00AFC549
                                                                                    • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00AFC554
                                                                                    • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00AFC584
                                                                                    • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00AFC5DC
                                                                                    • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00AFC5F0
                                                                                    • InternetCloseHandle.WININET(00000000), ref: 00AFC5FB
                                                                                    Similarity
                                                                                    • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                    • String ID:
                                                                                    • API String ID: 3800310941-3916222277
                                                                                    APIs
                                                                                    • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00B18592
                                                                                    • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00B185A2
                                                                                    • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00B185AD
                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00B185BA
                                                                                    • GlobalLock.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00B185C8
                                                                                    • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00B185D7
                                                                                    • GlobalUnlock.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00B185E0
                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00B185E7
                                                                                    • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00B185F8
                                                                                    • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,00B1FC38,?), ref: 00B18611
                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00B18621
                                                                                    • GetObjectW.GDI32(?,00000018,?), ref: 00B18641
                                                                                    • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00B18671
                                                                                    • DeleteObject.GDI32(?), ref: 00B18699
                                                                                    • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00B186AF
                                                                                    Similarity
                                                                                    • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                    • String ID:
                                                                                    • API String ID: 3840717409-0
                                                                                    • Opcode ID: 7c2353177f3917d8b73fd33b5dee5abba946b4936fee608287be541991d9d964
                                                                                    • Instruction ID: e8e8b301c7cf7dfe1f11ea4fc56579c18c52a40627c5a79cea4f842f99ab6e7b
                                                                                    • Opcode Fuzzy Hash: 7c2353177f3917d8b73fd33b5dee5abba946b4936fee608287be541991d9d964
                                                                                    • Instruction Fuzzy Hash: 55411875640208BFDB119FA5DC88EEA7BBDFF89B11F508068F905E7260DB309A41CB60
                                                                                    APIs
                                                                                    • VariantInit.OLEAUT32(00000000), ref: 00AF1502
                                                                                    • VariantCopy.OLEAUT32(?,?), ref: 00AF150B
                                                                                    • VariantClear.OLEAUT32(?), ref: 00AF1517
                                                                                    • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00AF15FB
                                                                                    • VarR8FromDec.OLEAUT32(?,?), ref: 00AF1657
                                                                                    • VariantInit.OLEAUT32(?), ref: 00AF1708
                                                                                    • SysFreeString.OLEAUT32(?), ref: 00AF178C
                                                                                    • VariantClear.OLEAUT32(?), ref: 00AF17D8
                                                                                    • VariantClear.OLEAUT32(?), ref: 00AF17E7
                                                                                    • VariantInit.OLEAUT32(00000000), ref: 00AF1823
                                                                                    Similarity
                                                                                    • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                                    • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                    • API String ID: 1234038744-3931177956
                                                                                    • Opcode ID: 2289a317dd05e3b5218c6ca2496fb912d2554d1162f29cbf0a26e51125d2ff5c
                                                                                    • Instruction ID: 3d52d88536be9c308f109e6d7ad932be72ebf7691cd2a864c8f877043a5805d5
                                                                                    • Opcode Fuzzy Hash: 2289a317dd05e3b5218c6ca2496fb912d2554d1162f29cbf0a26e51125d2ff5c
                                                                                    • Instruction Fuzzy Hash: 8DD1E071A04219EFDF04AFA5D985BB9B7F6BF44700F148056FA06AB280DB30EC41DBA1
                                                                                    APIs
                                                                                      • Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD
                                                                                      • Part of subcall function 00B0C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B0B6AE,?,?), ref: 00B0C9B5
                                                                                      • Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0C9F1
                                                                                      • Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0CA68
                                                                                      • Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0CA9E
                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B0B6F4
                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00B0B772
                                                                                    • RegDeleteValueW.ADVAPI32(?,?), ref: 00B0B80A
                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00B0B87E
                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00B0B89C
                                                                                    • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00B0B8F2
                                                                                    • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00B0B904
                                                                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 00B0B922
                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00B0B983
                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00B0B994
                                                                                    Similarity
                                                                                    • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                    • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                    • API String ID: 146587525-4033151799
                                                                                    • Opcode ID: a01bba633c413f8fa09bf4ffebf3e457e89959b5b95f3eb74e65b1312e5a7dbb
                                                                                    • Instruction ID: eb970285cfd0070d7bc615b0f1b4babc2c9b4a4f92c3101b2656d8dd2cae8f7f
                                                                                    • Opcode Fuzzy Hash: a01bba633c413f8fa09bf4ffebf3e457e89959b5b95f3eb74e65b1312e5a7dbb
                                                                                    • Instruction Fuzzy Hash: DBC16B35208201AFD714DF24C495F2ABBE5FF84318F54859CF5AA8B2A2CB71ED45CB92
                                                                                    APIs
                                                                                    • GetDC.USER32(00000000), ref: 00B025D8
                                                                                    • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00B025E8
                                                                                    • CreateCompatibleDC.GDI32(?), ref: 00B025F4
                                                                                    • SelectObject.GDI32(00000000,?), ref: 00B02601
                                                                                    • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00B0266D
                                                                                    • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00B026AC
                                                                                    • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00B026D0
                                                                                    • SelectObject.GDI32(?,?), ref: 00B026D8
                                                                                    • DeleteObject.GDI32(?), ref: 00B026E1
                                                                                    • DeleteDC.GDI32(?), ref: 00B026E8
                                                                                    • ReleaseDC.USER32(00000000,?), ref: 00B026F3
                                                                                    Similarity
                                                                                    • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                    • String ID: (
                                                                                    • API String ID: 2598888154-3887548279
                                                                                    • Opcode ID: 5e268d30a1f07cc645033f15a459493f963ec4c9ddc4bbe88102fef0b4cf2d1e
                                                                                    • Instruction ID: 0fbfd9a91acc403864170d9ab1136931f79c3800fae381c80a3a6a91c98ce381
                                                                                    • Opcode Fuzzy Hash: 5e268d30a1f07cc645033f15a459493f963ec4c9ddc4bbe88102fef0b4cf2d1e
                                                                                    • Instruction Fuzzy Hash: DC61E275D00219EFCF04CFA4D888AAEBBF6FF48310F208569E955A7250D771A951CF50
                                                                                    APIs
                                                                                    • ___free_lconv_mon.LIBCMT ref: 00ABDAA1
                                                                                      • Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD659
                                                                                      • Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD66B
                                                                                      • Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD67D
                                                                                      • Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD68F
                                                                                      • Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD6A1
                                                                                      • Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD6B3
                                                                                      • Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD6C5
                                                                                      • Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD6D7
                                                                                      • Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD6E9
                                                                                      • Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD6FB
                                                                                      • Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD70D
                                                                                      • Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD71F
                                                                                      • Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD731
                                                                                    • _free.LIBCMT ref: 00ABDA96
                                                                                      • Part of subcall function 00AB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000), ref: 00AB29DE
                                                                                      • Part of subcall function 00AB29C8: GetLastError.KERNEL32(00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000,00000000), ref: 00AB29F0
                                                                                    • _free.LIBCMT ref: 00ABDAB8
                                                                                    • _free.LIBCMT ref: 00ABDACD
                                                                                    • _free.LIBCMT ref: 00ABDAD8
                                                                                    • _free.LIBCMT ref: 00ABDAFA
                                                                                    • _free.LIBCMT ref: 00ABDB0D
                                                                                    • _free.LIBCMT ref: 00ABDB1B
                                                                                    • _free.LIBCMT ref: 00ABDB26
                                                                                    • _free.LIBCMT ref: 00ABDB5E
                                                                                    • _free.LIBCMT ref: 00ABDB65
                                                                                    • _free.LIBCMT ref: 00ABDB82
                                                                                    • _free.LIBCMT ref: 00ABDB9A
                                                                                    Similarity
                                                                                    • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                    • String ID:
                                                                                    • API String ID: 161543041-0
                                                                                    • Opcode ID: 921339c503ddfbf06274601934e45e211732a45472e6d7c2e25a0c1875aeec6c
                                                                                    • Instruction ID: a27b927b7bf38ecaf30e75b4e6ccfa324c2f3442af1d7ecd18af0515840fe100
                                                                                    • Opcode Fuzzy Hash: 921339c503ddfbf06274601934e45e211732a45472e6d7c2e25a0c1875aeec6c
                                                                                    • Instruction Fuzzy Hash: B2313D31604705AFEB21AB39E945BD6BBEDFF40350F15481AE449D7193EF31AC508724
                                                                                    APIs
                                                                                    • GetClassNameW.USER32(?,?,00000100), ref: 00AE369C
                                                                                    • _wcslen.LIBCMT ref: 00AE36A7
                                                                                    • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00AE3797
                                                                                    • GetClassNameW.USER32(?,?,00000400), ref: 00AE380C
                                                                                    • GetDlgCtrlID.USER32(?), ref: 00AE385D
                                                                                    • GetWindowRect.USER32(?,?), ref: 00AE3882
                                                                                    • GetParent.USER32(?), ref: 00AE38A0
                                                                                    • ScreenToClient.USER32(00000000), ref: 00AE38A7
                                                                                    • GetClassNameW.USER32(?,?,00000100), ref: 00AE3921
                                                                                    • GetWindowTextW.USER32(?,?,00000400), ref: 00AE395D
                                                                                    Similarity
                                                                                    • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                                    • String ID: %s%u
                                                                                    • API String ID: 4010501982-679674701
                                                                                    • Opcode ID: 057434578bd9d82e7b8a133ea4e325e6ca5d83dfe7d09136a24d728e64a78c14
                                                                                    • Instruction ID: 63e2b7191d9d8533b311f9673281e67d00b9e9b58812e686b138734a99f3eaaa
                                                                                    • Opcode Fuzzy Hash: 057434578bd9d82e7b8a133ea4e325e6ca5d83dfe7d09136a24d728e64a78c14
                                                                                    • Instruction Fuzzy Hash: 5E91C272204746AFDB18DF26C899BEAF7A8FF44350F408529F999C3191DB30EA45CB91
                                                                                    APIs
                                                                                    • GetClassNameW.USER32(?,?,00000400), ref: 00AE4994
                                                                                    • GetWindowTextW.USER32(?,?,00000400), ref: 00AE49DA
                                                                                    • _wcslen.LIBCMT ref: 00AE49EB
                                                                                    • CharUpperBuffW.USER32(?,00000000), ref: 00AE49F7
                                                                                    • _wcsstr.LIBVCRUNTIME ref: 00AE4A2C
                                                                                    • GetClassNameW.USER32(00000018,?,00000400), ref: 00AE4A64
                                                                                    • GetWindowTextW.USER32(?,?,00000400), ref: 00AE4A9D
                                                                                    • GetClassNameW.USER32(00000018,?,00000400), ref: 00AE4AE6
                                                                                    • GetClassNameW.USER32(?,?,00000400), ref: 00AE4B20
                                                                                    • GetWindowRect.USER32(?,?), ref: 00AE4B8B
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                    • String ID: ThumbnailClass
                                                                                    APIs
                                                                                      • Part of subcall function 00A99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A99BB2
                                                                                    • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00B18D5A
                                                                                    • GetFocus.USER32 ref: 00B18D6A
                                                                                    • GetDlgCtrlID.USER32(00000000), ref: 00B18D75
                                                                                    • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00B18E1D
                                                                                    • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00B18ECF
                                                                                    • GetMenuItemCount.USER32(?), ref: 00B18EEC
                                                                                    • GetMenuItemID.USER32(?,00000000), ref: 00B18EFC
                                                                                    • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00B18F2E
                                                                                    • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00B18F70
                                                                                    • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00B18FA1
                                                                                    Similarity
                                                                                    • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                    • String ID: 0
                                                                                    APIs
                                                                                    • GetMenuItemInfoW.USER32(00B51990,000000FF,00000000,00000030), ref: 00AEBFAC
                                                                                    • SetMenuItemInfoW.USER32(00B51990,00000004,00000000,00000030), ref: 00AEBFE1
                                                                                    • Sleep.KERNEL32(000001F4), ref: 00AEBFF3
                                                                                    • GetMenuItemCount.USER32(?), ref: 00AEC039
                                                                                    • GetMenuItemID.USER32(?,00000000), ref: 00AEC056
                                                                                    • GetMenuItemID.USER32(?,-00000001), ref: 00AEC082
                                                                                    • GetMenuItemID.USER32(?,?), ref: 00AEC0C9
                                                                                    • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00AEC10F
                                                                                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00AEC124
                                                                                    • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00AEC145
                                                                                    Similarity
                                                                                    • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                    • String ID: 0
                                                                                    APIs
                                                                                    • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00AEDC20
                                                                                    • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00AEDC46
                                                                                    • _wcslen.LIBCMT ref: 00AEDC50
                                                                                    • _wcsstr.LIBVCRUNTIME ref: 00AEDCA0
                                                                                    • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00AEDCBC
                                                                                    Similarity
                                                                                    • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                                    • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                    APIs
                                                                                    • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00B0CC64
                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00B0CC8D
                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00B0CD48
                                                                                      • Part of subcall function 00B0CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00B0CCAA
                                                                                      • Part of subcall function 00B0CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00B0CCBD
                                                                                      • Part of subcall function 00B0CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00B0CCCF
                                                                                      • Part of subcall function 00B0CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00B0CD05
                                                                                      • Part of subcall function 00B0CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00B0CD28
                                                                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 00B0CCF3
                                                                                    Similarity
                                                                                    • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                    • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                    APIs
                                                                                    • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00AF3D40
                                                                                    • _wcslen.LIBCMT ref: 00AF3D6D
                                                                                    • CreateDirectoryW.KERNEL32(?,00000000), ref: 00AF3D9D
                                                                                    • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00AF3DBE
                                                                                    • RemoveDirectoryW.KERNEL32(?), ref: 00AF3DCE
                                                                                    • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00AF3E55
                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00AF3E60
                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00AF3E6B
                                                                                    Similarity
                                                                                    • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                    • String ID: :$\$\??\%s
                                                                                    APIs
                                                                                    • timeGetTime.WINMM ref: 00AEE6B4
                                                                                      • Part of subcall function 00A9E551: timeGetTime.WINMM(?,?,00AEE6D4), ref: 00A9E555
                                                                                    • Sleep.KERNEL32(0000000A), ref: 00AEE6E1
                                                                                    • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00AEE705
                                                                                    • FindWindowExW.USER32(?,00000000,BUTTON,00000000), ref: 00AEE727
                                                                                    • SetActiveWindow.USER32 ref: 00AEE746
                                                                                    • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00AEE754
                                                                                    • SendMessageW.USER32(00000010,00000000,00000000), ref: 00AEE773
                                                                                    • Sleep.KERNEL32(000000FA), ref: 00AEE77E
                                                                                    • IsWindow.USER32 ref: 00AEE78A
                                                                                    • EndDialog.USER32(00000000), ref: 00AEE79B
                                                                                    Similarity
                                                                                    • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                    • String ID: BUTTON
                                                                                    APIs
                                                                                      • Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD
                                                                                    • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00AEEA5D
                                                                                    • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00AEEA73
                                                                                    • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00AEEA84
                                                                                    • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00AEEA96
                                                                                    • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00AEEAA7
                                                                                    Similarity
                                                                                    • API ID: SendString$_wcslen
                                                                                    • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                    APIs
                                                                                    • GetKeyboardState.USER32(?), ref: 00AEA012
                                                                                    • SetKeyboardState.USER32(?), ref: 00AEA07D
                                                                                    • GetAsyncKeyState.USER32(000000A0), ref: 00AEA09D
                                                                                    • GetKeyState.USER32(000000A0), ref: 00AEA0B4
                                                                                    • GetAsyncKeyState.USER32(000000A1), ref: 00AEA0E3
                                                                                    • GetKeyState.USER32(000000A1), ref: 00AEA0F4
                                                                                    • GetAsyncKeyState.USER32(00000011), ref: 00AEA120
                                                                                    • GetKeyState.USER32(00000011), ref: 00AEA12E
                                                                                    • GetAsyncKeyState.USER32(00000012), ref: 00AEA157
                                                                                    • GetKeyState.USER32(00000012), ref: 00AEA165
                                                                                    • GetAsyncKeyState.USER32(0000005B), ref: 00AEA18E
                                                                                    • GetKeyState.USER32(0000005B), ref: 00AEA19C
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: State$Async$Keyboard
                                                                                    APIs
                                                                                    • GetDlgItem.USER32(?,00000001), ref: 00AE5CE2
                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00AE5CFB
                                                                                    • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00AE5D59
                                                                                    • GetDlgItem.USER32(?,00000002), ref: 00AE5D69
                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00AE5D7B
                                                                                    • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00AE5DCF
                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 00AE5DDD
                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00AE5DEF
                                                                                    • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00AE5E31
                                                                                    • GetDlgItem.USER32(?,000003EA), ref: 00AE5E44
                                                                                    • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00AE5E5A
                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00AE5E67
                                                                                    Similarity
                                                                                    • API ID: Window$ItemMoveRect$Invalidate
                                                                                    APIs
                                                                                      • Part of subcall function 00A98F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00A98BE8,?,00000000,?,?,?,?,00A98BBA,00000000,?), ref: 00A98FC5
                                                                                    • DestroyWindow.USER32(?), ref: 00A98C81
                                                                                    • KillTimer.USER32(00000000,?,?,?,?,00A98BBA,00000000,?), ref: 00A98D1B
                                                                                    • DestroyAcceleratorTable.USER32(00000000), ref: 00AD6973
                                                                                    • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00A98BBA,00000000,?), ref: 00AD69A1
                                                                                    • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00A98BBA,00000000,?), ref: 00AD69B8
                                                                                    • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00A98BBA,00000000), ref: 00AD69D4
                                                                                    • DeleteObject.GDI32(00000000), ref: 00AD69E6
                                                                                    Similarity
                                                                                    • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                    APIs
                                                                                      • Part of subcall function 00A99944: GetWindowLongW.USER32(?,000000EB), ref: 00A99952
                                                                                    • GetSysColor.USER32(0000000F), ref: 00A99862
                                                                                    Similarity
                                                                                    • API ID: ColorLongWindow
                                                                                    APIs
                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00ACF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00AE9717
                                                                                    • LoadStringW.USER32(00000000,?,00ACF7F8,00000001), ref: 00AE9720
                                                                                      • Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD
                                                                                    • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00ACF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00AE9742
                                                                                    • LoadStringW.USER32(00000000,?,00ACF7F8,00000001), ref: 00AE9745
                                                                                    • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00AE9866
                                                                                    Similarity
                                                                                    • API ID: HandleLoadModuleString$Message_wcslen
                                                                                    • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                    APIs
                                                                                      • Part of subcall function 00A86B57: _wcslen.LIBCMT ref: 00A86B6A
                                                                                    • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00AE07A2
                                                                                    • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00AE07BE
                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00AE07DA
                                                                                    • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00AE0804
                                                                                    • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00AE082C
                                                                                    • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00AE0837
                                                                                    • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00AE083C
                                                                                    Similarity
                                                                                    • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                    • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                    APIs
                                                                                    • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00B1403B
                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 00B14042
                                                                                    • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00B14055
                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00B1405D
                                                                                    • GetPixel.GDI32(00000000,00000000,00000000), ref: 00B14068
                                                                                    • DeleteDC.GDI32(00000000), ref: 00B14072
                                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 00B1407C
                                                                                    • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00B14092
                                                                                    • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00B1409E
                                                                                    Similarity
                                                                                    • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                    • String ID: static
                                                                                    APIs
                                                                                    • VariantInit.OLEAUT32(?), ref: 00B03C5C
                                                                                    • CoInitialize.OLE32(00000000), ref: 00B03C8A
                                                                                    • CoUninitialize.OLE32 ref: 00B03C94
                                                                                    • _wcslen.LIBCMT ref: 00B03D2D
                                                                                    • GetRunningObjectTable.OLE32(00000000,?), ref: 00B03DB1
                                                                                    • SetErrorMode.KERNEL32(00000001,00000029), ref: 00B03ED5
                                                                                    • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00B03F0E
                                                                                    • CoGetObject.OLE32(?,00000000,00B1FB98,?), ref: 00B03F2D
                                                                                    • SetErrorMode.KERNEL32(00000000), ref: 00B03F40
                                                                                    • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00B03FC4
                                                                                    • VariantClear.OLEAUT32(?), ref: 00B03FD8
                                                                                    Similarity
                                                                                    • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                    • String ID:
                                                                                    • API String ID: 429561992-0
                                                                                    APIs
                                                                                    • CoInitialize.OLE32(00000000), ref: 00AF7AF3
                                                                                    • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00AF7B8F
                                                                                    • SHGetDesktopFolder.SHELL32(?), ref: 00AF7BA3
                                                                                    • CoCreateInstance.OLE32(00B1FD08,00000000,00000001,00B46E6C,?), ref: 00AF7BEF
                                                                                    • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00AF7C74
                                                                                    • CoTaskMemFree.OLE32(?,?), ref: 00AF7CCC
                                                                                    • SHBrowseForFolderW.SHELL32(?), ref: 00AF7D57
                                                                                    • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00AF7D7A
                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 00AF7D81
                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 00AF7DD6
                                                                                    • CoUninitialize.OLE32 ref: 00AF7DDC
                                                                                    Similarity
                                                                                    • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                    • String ID:
                                                                                    • API String ID: 2762341140-0
                                                                                    APIs
                                                                                    • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00B15504
                                                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00B15515
                                                                                    • CharNextW.USER32(00000158), ref: 00B15544
                                                                                    • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00B15585
                                                                                    • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00B1559B
                                                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00B155AC
                                                                                    Similarity
                                                                                    • API ID: MessageSend$CharNext
                                                                                    • String ID:
                                                                                    • API String ID: 1350042424-0
                                                                                    APIs
                                                                                    • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00ADFAAF
                                                                                    • SafeArrayAllocData.OLEAUT32(?), ref: 00ADFB08
                                                                                    • VariantInit.OLEAUT32(?), ref: 00ADFB1A
                                                                                    • SafeArrayAccessData.OLEAUT32(?,?), ref: 00ADFB3A
                                                                                    • VariantCopy.OLEAUT32(?,?), ref: 00ADFB8D
                                                                                    • SafeArrayUnaccessData.OLEAUT32(?), ref: 00ADFBA1
                                                                                    • VariantClear.OLEAUT32(?), ref: 00ADFBB6
                                                                                    • SafeArrayDestroyData.OLEAUT32(?), ref: 00ADFBC3
                                                                                    • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00ADFBCC
                                                                                    • VariantClear.OLEAUT32(?), ref: 00ADFBDE
                                                                                    • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00ADFBE9
                                                                                    Similarity
                                                                                    • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                    • String ID:
                                                                                    • API String ID: 2706829360-0
                                                                                    APIs
                                                                                    • GetKeyboardState.USER32(?), ref: 00AE9CA1
                                                                                    • GetAsyncKeyState.USER32(000000A0), ref: 00AE9D22
                                                                                    • GetKeyState.USER32(000000A0), ref: 00AE9D3D
                                                                                    • GetAsyncKeyState.USER32(000000A1), ref: 00AE9D57
                                                                                    • GetKeyState.USER32(000000A1), ref: 00AE9D6C
                                                                                    • GetAsyncKeyState.USER32(00000011), ref: 00AE9D84
                                                                                    • GetKeyState.USER32(00000011), ref: 00AE9D96
                                                                                    • GetAsyncKeyState.USER32(00000012), ref: 00AE9DAE
                                                                                    • GetKeyState.USER32(00000012), ref: 00AE9DC0
                                                                                    • GetAsyncKeyState.USER32(0000005B), ref: 00AE9DD8
                                                                                    • GetKeyState.USER32(0000005B), ref: 00AE9DEA
                                                                                    Similarity
                                                                                    • API ID: State$Async$Keyboard
                                                                                    • String ID:
                                                                                    • API String ID: 541375521-0
                                                                                    APIs
                                                                                    • WSAStartup.WSOCK32(00000101,?), ref: 00B005BC
                                                                                    • inet_addr.WSOCK32(?), ref: 00B0061C
                                                                                    • gethostbyname.WSOCK32(?), ref: 00B00628
                                                                                    • IcmpCreateFile.IPHLPAPI ref: 00B00636
                                                                                    • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00B006C6
                                                                                    • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00B006E5
                                                                                    • IcmpCloseHandle.IPHLPAPI(?), ref: 00B007B9
                                                                                    • WSACleanup.WSOCK32 ref: 00B007BF
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                    • String ID: Ping
                                                                                    • API String ID: 1028309954-2246546115
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: _wcslen$BuffCharLower
                                                                                    • String ID: cdecl$none$stdcall$winapi
                                                                                    • API String ID: 707087890-567219261
                                                                                    APIs
                                                                                    • CoInitialize.OLE32 ref: 00B03774
                                                                                    • CoUninitialize.OLE32 ref: 00B0377F
                                                                                    • CoCreateInstance.OLE32(?,00000000,00000017,00B1FB78,?), ref: 00B037D9
                                                                                    • IIDFromString.OLE32(?,?), ref: 00B0384C
                                                                                    • VariantInit.OLEAUT32(?), ref: 00B038E4
                                                                                    • VariantClear.OLEAUT32(?), ref: 00B03936
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                    • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                    • API String ID: 636576611-1287834457
                                                                                    APIs
                                                                                    • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00AF33CF
                                                                                      • Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD
                                                                                    • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00AF33F0
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: LoadString$_wcslen
                                                                                    • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                    • API String ID: 4099089115-3080491070
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: _wcslen$BuffCharUpper
                                                                                    • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                    • API String ID: 1256254125-769500911
                                                                                    • Opcode ID: d81b111fa894a2695e89ca815844d6c346a233d5a460f79eda2d929567599e28
                                                                                    • Instruction ID: a90fc1e335291cb91617f49d451905cbdd16effe949481fd3373ec8da7075f0a
                                                                                    • Opcode Fuzzy Hash: d81b111fa894a2695e89ca815844d6c346a233d5a460f79eda2d929567599e28
                                                                                    • Instruction Fuzzy Hash: 45411832A100679BCB206F7ECD945BFB7B5AFA1754B244529E421DB284F731CD81C7A0
                                                                                    APIs
                                                                                    • SetErrorMode.KERNEL32(00000001), ref: 00AF53A0
                                                                                    • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00AF5416
                                                                                    • GetLastError.KERNEL32 ref: 00AF5420
                                                                                    • SetErrorMode.KERNEL32(00000000,READY), ref: 00AF54A7
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: Error$Mode$DiskFreeLastSpace
                                                                                    • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                    • API String ID: 4194297153-14809454
                                                                                    • Opcode ID: b8261a329d86d1a1fbfbeb7a3beea92b6d6258dc5d712901a6819da7e1490afa
                                                                                    • Instruction ID: ae4787d808a1d06cfa7c8952798de3f12869e3b763ebb2d51b64e76e767133e7
                                                                                    • Opcode Fuzzy Hash: b8261a329d86d1a1fbfbeb7a3beea92b6d6258dc5d712901a6819da7e1490afa
                                                                                    • Instruction Fuzzy Hash: 71319F75E006099FD710DFA8C584ABABBB5EF05306F148069F605DB292DB31DE82CBA1
                                                                                    APIs
                                                                                    • CreateMenu.USER32 ref: 00B13C79
                                                                                    • SetMenu.USER32(?,00000000), ref: 00B13C88
                                                                                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00B13D10
                                                                                    • IsMenu.USER32(?), ref: 00B13D24
                                                                                    • CreatePopupMenu.USER32 ref: 00B13D2E
                                                                                    • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00B13D5B
                                                                                    • DrawMenuBar.USER32 ref: 00B13D63
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                    • String ID: 0$F
                                                                                    • API String ID: 161812096-3044882817
                                                                                    • Opcode ID: 2257f957548198ef77dc086a2e0e4ed7fe4486f5bf1bf247019bc1dfb46f490c
                                                                                    • Instruction ID: 43c85edb0cf309fa80f3b2f06c1e6fcd30ede949e45ebd8ea01b73fcf1ae2b72
                                                                                    • Opcode Fuzzy Hash: 2257f957548198ef77dc086a2e0e4ed7fe4486f5bf1bf247019bc1dfb46f490c
                                                                                    • Instruction Fuzzy Hash: 15418A74A01209EFDB14CF64E885BEA7BF6FF49304F544068E91697360EB30AA10CB90
                                                                                    APIs
                                                                                      • Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD
                                                                                      • Part of subcall function 00AE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00AE3CCA
                                                                                    • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00AE1F64
                                                                                    • GetDlgCtrlID.USER32 ref: 00AE1F6F
                                                                                    • GetParent.USER32 ref: 00AE1F8B
                                                                                    • SendMessageW.USER32(00000000,?,00000111,?), ref: 00AE1F8E
                                                                                    • GetDlgCtrlID.USER32(?), ref: 00AE1F97
                                                                                    • GetParent.USER32(?), ref: 00AE1FAB
                                                                                    • SendMessageW.USER32(00000000,?,00000111,?), ref: 00AE1FAE
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                    • String ID: ComboBox$ListBox
                                                                                    • API String ID: 711023334-1403004172
                                                                                    • Opcode ID: 869a3598a4d9ce246c2b7afae85305d7bef2d5f68d05a2c0e47abc348100ded7
                                                                                    • Instruction ID: 2680076f29887799beb794f608d82be819ed3d655fff18587d135c222fadddcd
                                                                                    • Opcode Fuzzy Hash: 869a3598a4d9ce246c2b7afae85305d7bef2d5f68d05a2c0e47abc348100ded7
                                                                                    • Instruction Fuzzy Hash: D321D171940214BFCF04AFA1CC85DFEBBB8EF05310F104156F961A72A1DB359918DBA0
                                                                                    APIs
                                                                                      • Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD
                                                                                      • Part of subcall function 00AE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00AE3CCA
                                                                                    • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00AE2043
                                                                                    • GetDlgCtrlID.USER32 ref: 00AE204E
                                                                                    • GetParent.USER32 ref: 00AE206A
                                                                                    • SendMessageW.USER32(00000000,?,00000111,?), ref: 00AE206D
                                                                                    • GetDlgCtrlID.USER32(?), ref: 00AE2076
                                                                                    • GetParent.USER32(?), ref: 00AE208A
                                                                                    • SendMessageW.USER32(00000000,?,00000111,?), ref: 00AE208D
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                    • String ID: ComboBox$ListBox
                                                                                    • API String ID: 711023334-1403004172
                                                                                    • Opcode ID: edbda34ff1eb531d8bfaa7414cf0fc9f4400fec5f5687ce6c8e63c812bc4c369
                                                                                    • Instruction ID: 8f448849d15e069677618622a396f8f0813c16945f7ce7b376eca1d17046d5cd
                                                                                    • Opcode Fuzzy Hash: edbda34ff1eb531d8bfaa7414cf0fc9f4400fec5f5687ce6c8e63c812bc4c369
                                                                                    • Instruction Fuzzy Hash: D921F3B1940218BFCF11AFA1CC85EFEBFB8EF09300F104045F951A71A1DA758918DB60
                                                                                    APIs
                                                                                    • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00B13A9D
                                                                                    • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00B13AA0
                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00B13AC7
                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00B13AEA
                                                                                    • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00B13B62
                                                                                    • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00B13BAC
                                                                                    • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00B13BC7
                                                                                    • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00B13BE2
                                                                                    • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00B13BF6
                                                                                    • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00B13C13
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend$LongWindow
                                                                                    • String ID:
                                                                                    • API String ID: 312131281-0
                                                                                    • Opcode ID: 511b5a2263af9db45be409f2c885d119b076a8419d2bd7c2955e5c9b4d48c123
                                                                                    • Instruction ID: bd7e74062b76cdc4631d6d3226109617229da247a9d91b2760b126f3cb2e3884
                                                                                    • Opcode Fuzzy Hash: 511b5a2263af9db45be409f2c885d119b076a8419d2bd7c2955e5c9b4d48c123
                                                                                    • Instruction Fuzzy Hash: F3615B75900248AFDB10DFA8CC81FEE77F8EB09714F104199FA15A72A1D774AE85DB50
                                                                                    APIs
                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00AEB151
                                                                                    • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00AEA1E1,?,00000001), ref: 00AEB165
                                                                                    • GetWindowThreadProcessId.USER32(00000000), ref: 00AEB16C
                                                                                    • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00AEA1E1,?,00000001), ref: 00AEB17B
                                                                                    • GetWindowThreadProcessId.USER32(?,00000000), ref: 00AEB18D
                                                                                    • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00AEA1E1,?,00000001), ref: 00AEB1A6
                                                                                    • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00AEA1E1,?,00000001), ref: 00AEB1B8
                                                                                    • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00AEA1E1,?,00000001), ref: 00AEB1FD
                                                                                    • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00AEA1E1,?,00000001), ref: 00AEB212
                                                                                    • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00AEA1E1,?,00000001), ref: 00AEB21D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                    • String ID:
                                                                                    • API String ID: 2156557900-0
                                                                                    • Opcode ID: 3bb40374342963d48e786b3cc43b9a87dadfe54ea147bf1fff8a3ce3eab12db3
                                                                                    • Instruction ID: 87f2008ab10391ec8a6df669d8b0f644966dbc8399be626fb4a394ee4e968b6c
                                                                                    • Opcode Fuzzy Hash: 3bb40374342963d48e786b3cc43b9a87dadfe54ea147bf1fff8a3ce3eab12db3
                                                                                    • Instruction Fuzzy Hash: A331BB75560344BFDB129F25DC58BAF7BA9BF517A2F648008FA00D72A0DBB49A408F74
                                                                                    APIs
                                                                                    • _free.LIBCMT ref: 00AB2C94
                                                                                      • Part of subcall function 00AB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000), ref: 00AB29DE
                                                                                      • Part of subcall function 00AB29C8: GetLastError.KERNEL32(00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000,00000000), ref: 00AB29F0
                                                                                    • _free.LIBCMT ref: 00AB2CA0
                                                                                    • _free.LIBCMT ref: 00AB2CAB
                                                                                    • _free.LIBCMT ref: 00AB2CB6
                                                                                    • _free.LIBCMT ref: 00AB2CC1
                                                                                    • _free.LIBCMT ref: 00AB2CCC
                                                                                    • _free.LIBCMT ref: 00AB2CD7
                                                                                    • _free.LIBCMT ref: 00AB2CE2
                                                                                    • _free.LIBCMT ref: 00AB2CED
                                                                                    • _free.LIBCMT ref: 00AB2CFB
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                    • String ID:
                                                                                    • API String ID: 776569668-0
                                                                                    • Opcode ID: 50c223c0a47512d6f9cae30164502de825c919affc2e5dcb679888b71b846d1c
                                                                                    • Instruction ID: b81bf8882f4cef83c85d38486ea20b9c05f3509535c971f7694da3c79e112ea6
                                                                                    • Opcode Fuzzy Hash: 50c223c0a47512d6f9cae30164502de825c919affc2e5dcb679888b71b846d1c
                                                                                    • Instruction Fuzzy Hash: 5F114676510108BFCB02EF54DA42EDD3BA9FF45350F5149A6F9485B222DA31EE509B90
                                                                                    APIs
                                                                                    • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00AF7FAD
                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00AF7FC1
                                                                                    • GetFileAttributesW.KERNEL32(?), ref: 00AF7FEB
                                                                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 00AF8005
                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00AF8017
                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00AF8060
                                                                                    • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00AF80B0
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: CurrentDirectory$AttributesFile
                                                                                    • String ID: *.*
                                                                                    • API String ID: 769691225-438819550
                                                                                    APIs
                                                                                    • SetWindowLongW.USER32(?,000000EB), ref: 00A85C7A
                                                                                      • Part of subcall function 00A85D0A: GetClientRect.USER32(?,?), ref: 00A85D30
                                                                                      • Part of subcall function 00A85D0A: GetWindowRect.USER32(?,?), ref: 00A85D71
                                                                                      • Part of subcall function 00A85D0A: ScreenToClient.USER32(?,?), ref: 00A85D99
                                                                                    • GetDC.USER32 ref: 00AC46F5
                                                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00AC4708
                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00AC4716
                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00AC472B
                                                                                    • ReleaseDC.USER32(?,00000000), ref: 00AC4733
                                                                                    • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00AC47C4
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                    • String ID: U
                                                                                    • API String ID: 4009187628-3372436214
                                                                                    APIs
                                                                                    • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00AF35E4
                                                                                      • Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD
                                                                                    • LoadStringW.USER32(00B52390,?,00000FFF,?), ref: 00AF360A
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: LoadString$_wcslen
                                                                                    • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                    • API String ID: 4099089115-2391861430
                                                                                    APIs
                                                                                      • Part of subcall function 00A99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A99BB2
                                                                                      • Part of subcall function 00A9912D: GetCursorPos.USER32(?), ref: 00A99141
                                                                                      • Part of subcall function 00A9912D: ScreenToClient.USER32(00000000,?), ref: 00A9915E
                                                                                      • Part of subcall function 00A9912D: GetAsyncKeyState.USER32(00000001), ref: 00A99183
                                                                                      • Part of subcall function 00A9912D: GetAsyncKeyState.USER32(00000002), ref: 00A9919D
                                                                                    • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00B18B6B
                                                                                    • ImageList_EndDrag.COMCTL32 ref: 00B18B71
                                                                                    • ReleaseCapture.USER32 ref: 00B18B77
                                                                                    • SetWindowTextW.USER32(?,00000000), ref: 00B18C12
                                                                                    • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00B18C25
                                                                                    • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00B18CFF
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                    • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                    • API String ID: 1924731296-2107944366
                                                                                    APIs
                                                                                    • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00AFC272
                                                                                    • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00AFC29A
                                                                                    • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00AFC2CA
                                                                                    • GetLastError.KERNEL32 ref: 00AFC322
                                                                                    • SetEvent.KERNEL32(?), ref: 00AFC336
                                                                                    • InternetCloseHandle.WININET(00000000), ref: 00AFC341
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                    • String ID:
                                                                                    • API String ID: 3113390036-3916222277
                                                                                    APIs
                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00AC3AAF,?,?,Bad directive syntax error,00B1CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00AE98BC
                                                                                    • LoadStringW.USER32(00000000,?,00AC3AAF,?), ref: 00AE98C3
                                                                                      • Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD
                                                                                    • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00AE9987
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: HandleLoadMessageModuleString_wcslen
                                                                                    • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                    • API String ID: 858772685-4153970271
                                                                                    APIs
                                                                                    • GetParent.USER32 ref: 00AE20AB
                                                                                    • GetClassNameW.USER32(00000000,?,00000100), ref: 00AE20C0
                                                                                    • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00AE214D
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: ClassMessageNameParentSend
                                                                                    • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                    • API String ID: 1290815626-3381328864
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                    • String ID:
                                                                                    • API String ID: 1282221369-0
                                                                                    APIs
                                                                                    • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00AD6890
                                                                                    • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00AD68A9
                                                                                    • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00AD68B9
                                                                                    • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00AD68D1
                                                                                    • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00AD68F2
                                                                                    • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00A98874,00000000,00000000,00000000,000000FF,00000000), ref: 00AD6901
                                                                                    • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00AD691E
                                                                                    • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00A98874,00000000,00000000,00000000,000000FF,00000000), ref: 00AD692D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                    • String ID:
                                                                                    • API String ID: 1268354404-0
                                                                                    APIs
                                                                                    • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00AFC182
                                                                                    • GetLastError.KERNEL32 ref: 00AFC195
                                                                                    • SetEvent.KERNEL32(?), ref: 00AFC1A9
                                                                                      • Part of subcall function 00AFC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00AFC272
                                                                                      • Part of subcall function 00AFC253: GetLastError.KERNEL32 ref: 00AFC322
                                                                                      • Part of subcall function 00AFC253: SetEvent.KERNEL32(?), ref: 00AFC336
                                                                                      • Part of subcall function 00AFC253: InternetCloseHandle.WININET(00000000), ref: 00AFC341
                                                                                    Similarity
                                                                                    • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                    • String ID:
                                                                                    • API String ID: 337547030-0
                                                                                    APIs
                                                                                      • Part of subcall function 00AE3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00AE3A57
                                                                                      • Part of subcall function 00AE3A3D: GetCurrentThreadId.KERNEL32 ref: 00AE3A5E
                                                                                      • Part of subcall function 00AE3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00AE25B3), ref: 00AE3A65
                                                                                    • MapVirtualKeyW.USER32(00000025,00000000), ref: 00AE25BD
                                                                                    • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00AE25DB
                                                                                    • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00AE25DF
                                                                                    • MapVirtualKeyW.USER32(00000025,00000000), ref: 00AE25E9
                                                                                    • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00AE2601
                                                                                    • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00AE2605
                                                                                    • MapVirtualKeyW.USER32(00000025,00000000), ref: 00AE260F
                                                                                    • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00AE2623
                                                                                    • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00AE2627
                                                                                    Similarity
                                                                                    • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                    • String ID:
                                                                                    • API String ID: 2014098862-0
                                                                                    APIs
                                                                                    • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00AE1449,?,?,00000000), ref: 00AE180C
                                                                                    • HeapAlloc.KERNEL32(00000000,?,00AE1449,?,?,00000000), ref: 00AE1813
                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00AE1449,?,?,00000000), ref: 00AE1828
                                                                                    • GetCurrentProcess.KERNEL32(?,00000000,?,00AE1449,?,?,00000000), ref: 00AE1830
                                                                                    • DuplicateHandle.KERNEL32(00000000,?,00AE1449,?,?,00000000), ref: 00AE1833
                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00AE1449,?,?,00000000), ref: 00AE1843
                                                                                    • GetCurrentProcess.KERNEL32(00AE1449,00000000,?,00AE1449,?,?,00000000), ref: 00AE184B
                                                                                    • DuplicateHandle.KERNEL32(00000000,?,00AE1449,?,?,00000000), ref: 00AE184E
                                                                                    • CreateThread.KERNEL32(00000000,00000000,00AE1874,00000000,00000000,00000000), ref: 00AE1868
                                                                                    Similarity
                                                                                    • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                    • String ID:
                                                                                    • API String ID: 1957940570-0
                                                                                    APIs
                                                                                      • Part of subcall function 00AED4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00AED501
                                                                                      • Part of subcall function 00AED4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00AED50F
                                                                                      • Part of subcall function 00AED4DC: FindCloseChangeNotification.KERNEL32(00000000), ref: 00AED5DC
                                                                                    • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00B0A16D
                                                                                    • GetLastError.KERNEL32 ref: 00B0A180
                                                                                    • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00B0A1B3
                                                                                    • TerminateProcess.KERNEL32(00000000,00000000), ref: 00B0A268
                                                                                    • GetLastError.KERNEL32(00000000), ref: 00B0A273
                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00B0A2C4
                                                                                    Similarity
                                                                                    • API ID: Process$CloseErrorLastOpen$ChangeCreateFindFirstHandleNotificationProcess32SnapshotTerminateToolhelp32
                                                                                    • String ID: SeDebugPrivilege
                                                                                    • API String ID: 1701285019-2896544425
                                                                                    APIs
                                                                                    • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00B13925
                                                                                    • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00B1393A
                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00B13954
                                                                                    • _wcslen.LIBCMT ref: 00B13999
                                                                                    • SendMessageW.USER32(?,00001057,00000000,?), ref: 00B139C6
                                                                                    • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00B139F4
                                                                                    Similarity
                                                                                    • API ID: MessageSend$Window_wcslen
                                                                                    • String ID: SysListView32
                                                                                    • API String ID: 2147712094-78025650
                                                                                    APIs
                                                                                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00AEBCFD
                                                                                    • IsMenu.USER32(00000000), ref: 00AEBD1D
                                                                                    • CreatePopupMenu.USER32 ref: 00AEBD53
                                                                                    • GetMenuItemCount.USER32(00FE77C0), ref: 00AEBDA4
                                                                                    • InsertMenuItemW.USER32(00FE77C0,?,00000001,00000030), ref: 00AEBDCC
                                                                                    Similarity
                                                                                    • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                    • String ID: 0$2
                                                                                    • API String ID: 93392585-3793063076
                                                                                    APIs
                                                                                    • LoadIconW.USER32(00000000,00007F03), ref: 00AEC913
                                                                                    Similarity
                                                                                    • API ID: IconLoad
                                                                                    • String ID: blank$info$question$stop$warning
                                                                                    • API String ID: 2457776203-404129466
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                    • String ID: 0.0.0.0
                                                                                    • API String ID: 642191829-3771769585
                                                                                    APIs
                                                                                      • Part of subcall function 00A99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A99BB2
                                                                                    • GetSystemMetrics.USER32(0000000F), ref: 00B19FC7
                                                                                    • GetSystemMetrics.USER32(0000000F), ref: 00B19FE7
                                                                                    • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 00B1A224
                                                                                    • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00B1A242
                                                                                    • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00B1A263
                                                                                    • ShowWindow.USER32(00000003,00000000), ref: 00B1A282
                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00B1A2A7
                                                                                    • DefDlgProcW.USER32(?,00000005,?,?), ref: 00B1A2CA
                                                                                    Similarity
                                                                                    • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                                    • String ID:
                                                                                    • API String ID: 1211466189-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: _wcslen$LocalTime
                                                                                    • String ID:
                                                                                    • API String ID: 952045576-0
                                                                                    APIs
                                                                                    • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00AD682C,00000004,00000000,00000000), ref: 00A9F953
                                                                                    • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00AD682C,00000004,00000000,00000000), ref: 00ADF3D1
                                                                                    • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00AD682C,00000004,00000000,00000000), ref: 00ADF454
                                                                                    Similarity
                                                                                    • API ID: ShowWindow
                                                                                    • String ID:
                                                                                    • API String ID: 1268545403-0
                                                                                    APIs
                                                                                    • DeleteObject.GDI32(00000000), ref: 00B12D1B
                                                                                    • GetDC.USER32(00000000), ref: 00B12D23
                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B12D2E
                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 00B12D3A
                                                                                    • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00B12D76
                                                                                    • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00B12D87
                                                                                    • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00B15A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00B12DC2
                                                                                    • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00B12DE1
                                                                                    Similarity
                                                                                    • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                    • String ID:
                                                                                    • API String ID: 3864802216-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: _memcmp
                                                                                    • String ID:
                                                                                    • API String ID: 2931989736-0
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: NULL Pointer assignment$Not an Object type
                                                                                    • API String ID: 0-572801152
                                                                                    APIs
                                                                                    • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00AC17FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00AC15CE
                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00AC17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00AC1651
                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00AC17FB,?,00AC17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00AC16E4
                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00AC17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00AC16FB
                                                                                      • Part of subcall function 00AB3820: RtlAllocateHeap.NTDLL(00000000,?,00B51444,?,00A9FDF5,?,?,00A8A976,00000010,00B51440,00A813FC,?,00A813C6,?,00A81129), ref: 00AB3852
                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00AC17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00AC1777
                                                                                    • __freea.LIBCMT ref: 00AC17A2
                                                                                    • __freea.LIBCMT ref: 00AC17AE
                                                                                    Similarity
                                                                                    • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                    • String ID:
                                                                                    • API String ID: 2829977744-0
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: Variant$ClearInit
                                                                                    • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                    • API String ID: 2610073882-625585964
                                                                                    APIs
                                                                                    • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00AF125C
                                                                                    • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00AF1284
                                                                                    • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00AF12A8
                                                                                    • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00AF12D8
                                                                                    • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00AF135F
                                                                                    • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00AF13C4
                                                                                    • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00AF1430
                                                                                    Similarity
                                                                                    • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                    • String ID:
                                                                                    • API String ID: 2550207440-0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: ObjectSelect$BeginCreatePath
                                                                                    • String ID:
                                                                                    • API String ID: 3225163088-0
                                                                                    • Opcode ID: 75b6758c37a516b77df585e0b808d3b8d2aa1d1857e3bae9695e266779e4e0a8
                                                                                    • Instruction ID: 05adddf305d93eb692145fb58f4191380a02fe1da68225f99a2aa5e782af5267
                                                                                    • Opcode Fuzzy Hash: 75b6758c37a516b77df585e0b808d3b8d2aa1d1857e3bae9695e266779e4e0a8
                                                                                    • Instruction Fuzzy Hash: B7912571A40219AFCF15CFA9C888AEFBBB8FF49320F14805AE515B7251D774AA41CB60
                                                                                    APIs
                                                                                    • VariantInit.OLEAUT32(?), ref: 00B0396B
                                                                                    • CharUpperBuffW.USER32(?,?), ref: 00B03A7A
                                                                                    • _wcslen.LIBCMT ref: 00B03A8A
                                                                                    • VariantClear.OLEAUT32(?), ref: 00B03C1F
                                                                                      • Part of subcall function 00AF0CDF: VariantInit.OLEAUT32(00000000), ref: 00AF0D1F
                                                                                      • Part of subcall function 00AF0CDF: VariantCopy.OLEAUT32(?,?), ref: 00AF0D28
                                                                                      • Part of subcall function 00AF0CDF: VariantClear.OLEAUT32(?), ref: 00AF0D34
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                    • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                    • API String ID: 4137639002-1221869570
                                                                                    • Opcode ID: a8d0330efa1b973a7899c1ca1e61321992df2f33dd9a5e26f150229c90eb1837
                                                                                    • Instruction ID: ffd7055cab0d4932fa257945345eba5d30f400fc0d4f122fbaf54107ae8a8fe8
                                                                                    • Opcode Fuzzy Hash: a8d0330efa1b973a7899c1ca1e61321992df2f33dd9a5e26f150229c90eb1837
                                                                                    • Instruction Fuzzy Hash: 6C916D756083059FC704EF24C58496ABBE8FF89714F14886DF48A97391DB30EE45CB92
                                                                                    APIs
                                                                                      • Part of subcall function 00AE000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00ADFF41,80070057,?,?,?,00AE035E), ref: 00AE002B
                                                                                      • Part of subcall function 00AE000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00ADFF41,80070057,?,?), ref: 00AE0046
                                                                                      • Part of subcall function 00AE000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00ADFF41,80070057,?,?), ref: 00AE0054
                                                                                      • Part of subcall function 00AE000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00ADFF41,80070057,?), ref: 00AE0064
                                                                                    • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00B04C51
                                                                                    • _wcslen.LIBCMT ref: 00B04D59
                                                                                    • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00B04DCF
                                                                                    • CoTaskMemFree.OLE32(?), ref: 00B04DDA
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                    • String ID: NULL Pointer assignment
                                                                                    • API String ID: 614568839-2785691316
                                                                                    • Opcode ID: 69863e8fd24fd2d9a7fb778132130fd242e086a0110f96377122c0284bd292ff
                                                                                    • Instruction ID: c089354ce97d44ef83dda7543df6dcda61e58c972502c2e73f3831b6964c32f5
                                                                                    • Opcode Fuzzy Hash: 69863e8fd24fd2d9a7fb778132130fd242e086a0110f96377122c0284bd292ff
                                                                                    • Instruction Fuzzy Hash: 1E9108B1D002199FDF14EFA4D891AEEBBB8FF08310F1085AAE515A7291DB709E44CF60
                                                                                    APIs
                                                                                    • GetMenu.USER32(?), ref: 00B12183
                                                                                    • GetMenuItemCount.USER32(00000000), ref: 00B121B5
                                                                                    • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00B121DD
                                                                                    • _wcslen.LIBCMT ref: 00B12213
                                                                                    • GetMenuItemID.USER32(?,?), ref: 00B1224D
                                                                                    • GetSubMenu.USER32(?,?), ref: 00B1225B
                                                                                      • Part of subcall function 00AE3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00AE3A57
                                                                                      • Part of subcall function 00AE3A3D: GetCurrentThreadId.KERNEL32 ref: 00AE3A5E
                                                                                      • Part of subcall function 00AE3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00AE25B3), ref: 00AE3A65
                                                                                    • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00B122E3
                                                                                      • Part of subcall function 00AEE97B: Sleep.KERNEL32 ref: 00AEE9F3
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                    • String ID:
                                                                                    • API String ID: 4196846111-0
                                                                                    • Opcode ID: 608e5bfc9d7e5ea62f205eeffe01ecd4c759d997062e61c9ef15451f89578118
                                                                                    • Instruction ID: 428a61531886a0d090a21dd661f797baf87ab8c82afc2ff2e61a53cda697754b
                                                                                    • Opcode Fuzzy Hash: 608e5bfc9d7e5ea62f205eeffe01ecd4c759d997062e61c9ef15451f89578118
                                                                                    • Instruction Fuzzy Hash: E6718E75A00205AFCB14EF64C985AEEBBF5EF48310F548499E916EB341DB34ED918B90
                                                                                    APIs
                                                                                    • IsWindow.USER32(00FE7518), ref: 00B17F37
                                                                                    • IsWindowEnabled.USER32(00FE7518), ref: 00B17F43
                                                                                    • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00B1801E
                                                                                    • SendMessageW.USER32(00FE7518,000000B0,?,?), ref: 00B18051
                                                                                    • IsDlgButtonChecked.USER32(?,?), ref: 00B18089
                                                                                    • GetWindowLongW.USER32(00FE7518,000000EC), ref: 00B180AB
                                                                                    • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00B180C3
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                    • String ID:
                                                                                    • API String ID: 4072528602-0
                                                                                    • Opcode ID: 4f900cc3f5fba26b45ce6f1cf165a0b3afbb412b39a02d648be82b4e7a590ebb
                                                                                    • Instruction ID: a1a2a3acbe649f9ca54a9358354fcd4493c7c5a70f833c317597be6049a95809
                                                                                    • Opcode Fuzzy Hash: 4f900cc3f5fba26b45ce6f1cf165a0b3afbb412b39a02d648be82b4e7a590ebb
                                                                                    • Instruction Fuzzy Hash: 76718C75688244AFEB219F64C884FEB7BF5FF09300F944499E94597261CF31AC86CB50
                                                                                    APIs
                                                                                    • GetParent.USER32(?), ref: 00AEAEF9
                                                                                    • GetKeyboardState.USER32(?), ref: 00AEAF0E
                                                                                    • SetKeyboardState.USER32(?), ref: 00AEAF6F
                                                                                    • PostMessageW.USER32(?,00000101,00000010,?), ref: 00AEAF9D
                                                                                    • PostMessageW.USER32(?,00000101,00000011,?), ref: 00AEAFBC
                                                                                    • PostMessageW.USER32(?,00000101,00000012,?), ref: 00AEAFFD
                                                                                    • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00AEB020
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessagePost$KeyboardState$Parent
                                                                                    • String ID:
                                                                                    • API String ID: 87235514-0
                                                                                    • Opcode ID: ba8c6f9fecfc001594a1366413411907ebc897a0444972a422d9ff3a7f848319
                                                                                    • Instruction ID: 3dbdad5f087ea29f9fa104131b5a580390b5cf2aaf67f49517f0515b1fcd7677
                                                                                    • Opcode Fuzzy Hash: ba8c6f9fecfc001594a1366413411907ebc897a0444972a422d9ff3a7f848319
                                                                                    • Instruction Fuzzy Hash: 2C51D0A06147D53DFB36833A8C49BBBBEE95B06304F088489E1D9468C2C798FCC8D761
                                                                                    APIs
                                                                                    • GetParent.USER32(00000000), ref: 00AEAD19
                                                                                    • GetKeyboardState.USER32(?), ref: 00AEAD2E
                                                                                    • SetKeyboardState.USER32(?), ref: 00AEAD8F
                                                                                    • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00AEADBB
                                                                                    • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00AEADD8
                                                                                    • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00AEAE17
                                                                                    • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00AEAE38
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessagePost$KeyboardState$Parent
                                                                                    • String ID:
                                                                                    • API String ID: 87235514-0
                                                                                    • Opcode ID: e7ad555341498913255d94c54d13815c8b22b13a9a0a411a60532afb442631dd
                                                                                    • Instruction ID: fb12c8d31b1959c96cba565b666ca97158e4b4c7c0d193f33b8faa075e596704
                                                                                    • Opcode Fuzzy Hash: e7ad555341498913255d94c54d13815c8b22b13a9a0a411a60532afb442631dd
                                                                                    • Instruction Fuzzy Hash: 185107A16047E53DFB3383368C95BBABEA95F56300F088488E1D9468C3D794FC88D762
                                                                                    APIs
                                                                                    • GetConsoleCP.KERNEL32(00AC3CD6,?,?,?,?,?,?,?,?,00AB5BA3,?,?,00AC3CD6,?,?), ref: 00AB5470
                                                                                    • __fassign.LIBCMT ref: 00AB54EB
                                                                                    • __fassign.LIBCMT ref: 00AB5506
                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00AC3CD6,00000005,00000000,00000000), ref: 00AB552C
                                                                                    • WriteFile.KERNEL32(?,00AC3CD6,00000000,00AB5BA3,00000000,?,?,?,?,?,?,?,?,?,00AB5BA3,?), ref: 00AB554B
                                                                                    • WriteFile.KERNEL32(?,?,00000001,00AB5BA3,00000000,?,?,?,?,?,?,?,?,?,00AB5BA3,?), ref: 00AB5584
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                    • String ID:
                                                                                    • API String ID: 1324828854-0
                                                                                    • Opcode ID: fa206fdd3fc7ee432d339159fceb2e3a9c49637bd79aec5c25fd4a0983ab85f0
                                                                                    • Instruction ID: f066c3551422a2f8f85cb259e97f9cba160f0bd7057ff639023a0b1fbe1ce307
                                                                                    • Opcode Fuzzy Hash: fa206fdd3fc7ee432d339159fceb2e3a9c49637bd79aec5c25fd4a0983ab85f0
                                                                                    • Instruction Fuzzy Hash: A751BF71E00649AFDB20CFA8D885BEEBBF9EF09301F14415AE955E7292D7309A51CB60
                                                                                    APIs
                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00AA2D4B
                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 00AA2D53
                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00AA2DE1
                                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 00AA2E0C
                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00AA2E61
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                    • String ID: csm
                                                                                    • API String ID: 1170836740-1018135373
                                                                                    • Opcode ID: f364b4f7cbfa69832d9600beae3845694824d17409871ef0639f5791381c6564
                                                                                    • Instruction ID: a27f7aecd0757d635e92c0fd1b71d632f79d56c5594d406691bf2b13e19bd828
                                                                                    • Opcode Fuzzy Hash: f364b4f7cbfa69832d9600beae3845694824d17409871ef0639f5791381c6564
                                                                                    • Instruction Fuzzy Hash: 7B419134A01209ABCF10DF6CC845BAEBBB5BF46324F148155E8146B3E2DB35EE65CB90
                                                                                    APIs
                                                                                      • Part of subcall function 00B0304E: inet_addr.WSOCK32(?), ref: 00B0307A
                                                                                      • Part of subcall function 00B0304E: _wcslen.LIBCMT ref: 00B0309B
                                                                                    • socket.WSOCK32(00000002,00000001,00000006), ref: 00B01112
                                                                                    • WSAGetLastError.WSOCK32 ref: 00B01121
                                                                                    • WSAGetLastError.WSOCK32 ref: 00B011C9
                                                                                    • closesocket.WSOCK32(00000000), ref: 00B011F9
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                    • String ID:
                                                                                    • API String ID: 2675159561-0
                                                                                    • Opcode ID: 28f7e58d1beb436bb77a438190dc4603ae59e685b0ef43ae1c8014a078c844ff
                                                                                    • Instruction ID: 1f199bc151f6ded3ae336795f167eccd753475120e141b9509c1d88307ea698d
                                                                                    • Opcode Fuzzy Hash: 28f7e58d1beb436bb77a438190dc4603ae59e685b0ef43ae1c8014a078c844ff
                                                                                    • Instruction Fuzzy Hash: 5241D431600204AFDB189F18C885BAABFE9FF45364F148499F916AB2D1CB70ED41CBE1
                                                                                    APIs
                                                                                      • Part of subcall function 00AEDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00AECF22,?), ref: 00AEDDFD
                                                                                      • Part of subcall function 00AEDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00AECF22,?), ref: 00AEDE16
                                                                                    • lstrcmpiW.KERNEL32(?,?), ref: 00AECF45
                                                                                    • MoveFileW.KERNEL32(?,?), ref: 00AECF7F
                                                                                    • _wcslen.LIBCMT ref: 00AED005
                                                                                    • _wcslen.LIBCMT ref: 00AED01B
                                                                                    • SHFileOperationW.SHELL32(?), ref: 00AED061
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                    • String ID: \*.*
                                                                                    • API String ID: 3164238972-1173974218
                                                                                    • Opcode ID: 263831deb5bf0131bcc677008a724b29a93534d833894c63ce08835ed37eea54
                                                                                    • Instruction ID: 630c379226dab82280476a5adb9bb0ed34fa9da337709ac16b8dd744e3fdd157
                                                                                    • Opcode Fuzzy Hash: 263831deb5bf0131bcc677008a724b29a93534d833894c63ce08835ed37eea54
                                                                                    • Instruction Fuzzy Hash: D04166719452585FDF12EFA5CA81ADEB7B9AF08380F0000E6E505EB142EB34AB89CB50
                                                                                    APIs
                                                                                    • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00B12E1C
                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00B12E4F
                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00B12E84
                                                                                    • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00B12EB6
                                                                                    • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00B12EE0
                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00B12EF1
                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00B12F0B
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: LongWindow$MessageSend
                                                                                    • String ID:
                                                                                    • API String ID: 2178440468-0
                                                                                    • Opcode ID: 81873ccef01359d34b1cdbc889ed0cb849a4c38e3b76feb794657f5c0584c1c7
                                                                                    • Instruction ID: 77902a1c814d46a161814715da69112ae71d8bc077161537370991ef7349f97a
                                                                                    • Opcode Fuzzy Hash: 81873ccef01359d34b1cdbc889ed0cb849a4c38e3b76feb794657f5c0584c1c7
                                                                                    • Instruction Fuzzy Hash: A8311232644250AFEB21CF58DC85FA53BE1FB9A711F9541A4F9108F2B2CB71ACA1DB41
                                                                                    APIs
                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00AE7769
                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00AE778F
                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 00AE7792
                                                                                    • SysAllocString.OLEAUT32(?), ref: 00AE77B0
                                                                                    • SysFreeString.OLEAUT32(?), ref: 00AE77B9
                                                                                    • StringFromGUID2.OLE32(?,?,00000028), ref: 00AE77DE
                                                                                    • SysAllocString.OLEAUT32(?), ref: 00AE77EC
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                    • String ID:
                                                                                    • API String ID: 3761583154-0
                                                                                    • Opcode ID: 5f8128ced376c2724a968f58758e5194dec7fdaa5ac70cc9ab1c16ce92a53a5d
                                                                                    • Instruction ID: 84bb08ac18b8dc18ce65f7d0c89e6bfbd3949054e2b3476f448f9838ec28f384
                                                                                    • Opcode Fuzzy Hash: 5f8128ced376c2724a968f58758e5194dec7fdaa5ac70cc9ab1c16ce92a53a5d
                                                                                    • Instruction Fuzzy Hash: 1D219076608219AFDF10DFA9CC88CFF77ACEB097647448025FA15DB250DA70DC428764
                                                                                    APIs
                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00AE7842
                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00AE7868
                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 00AE786B
                                                                                    • SysAllocString.OLEAUT32 ref: 00AE788C
                                                                                    • SysFreeString.OLEAUT32 ref: 00AE7895
                                                                                    • StringFromGUID2.OLE32(?,?,00000028), ref: 00AE78AF
                                                                                    • SysAllocString.OLEAUT32(?), ref: 00AE78BD
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                    • String ID:
                                                                                    • API String ID: 3761583154-0
                                                                                    • Opcode ID: 7e010ab40e4d029f9b608541cddffb4515b09e9fc0eb04de528bc76ab65bc320
                                                                                    • Instruction ID: eb428820d84f8d62cfa07c556135f6b935c922cd7f65c13209f9166b80628179
                                                                                    • Opcode Fuzzy Hash: 7e010ab40e4d029f9b608541cddffb4515b09e9fc0eb04de528bc76ab65bc320
                                                                                    • Instruction Fuzzy Hash: 4821AF76608214AFEF10AFA9DC88DAE77ECEB193607508125F915CB2A1DA70DC81CB64
                                                                                    APIs
                                                                                    • GetStdHandle.KERNEL32(0000000C), ref: 00AF04F2
                                                                                    • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00AF052E
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateHandlePipe
                                                                                    • String ID: nul
                                                                                    • API String ID: 1424370930-2873401336
                                                                                    • Opcode ID: f8a4e94e81c2bd6d9eedaa15f8cb8d0c1d57e7942e27c82f6cfb083be23b9c5b
                                                                                    • Instruction ID: cf5a795d7368619755e09b2de4a500693898e33b10ff1d0b08a81421ad8ad00d
                                                                                    • Opcode Fuzzy Hash: f8a4e94e81c2bd6d9eedaa15f8cb8d0c1d57e7942e27c82f6cfb083be23b9c5b
                                                                                    • Instruction Fuzzy Hash: BA216075500309ABDF209FA9DC44EAA7BB4AF44764F208A19FAA1D72E1D7B0D940CF60
                                                                                    APIs
                                                                                    • GetStdHandle.KERNEL32(000000F6), ref: 00AF05C6
                                                                                    • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00AF0601
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateHandlePipe
                                                                                    • String ID: nul
                                                                                    • API String ID: 1424370930-2873401336
                                                                                    • Opcode ID: 3cb54f6b65b03e851ec099d0b02fa1968b5cbfed21e389d913a0ed84a343990c
                                                                                    • Instruction ID: 9c3ea0ed3394fa2f867e2547f34b14bcc45af6e81a789f9dda77291a1a07a7e7
                                                                                    • Opcode Fuzzy Hash: 3cb54f6b65b03e851ec099d0b02fa1968b5cbfed21e389d913a0ed84a343990c
                                                                                    • Instruction Fuzzy Hash: 2321A6755003199BDB208FA88C04EAA7BE4AF95760F204B19FAA1E72D1DBF09960CB50
                                                                                    APIs
                                                                                      • Part of subcall function 00A8600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A8604C
                                                                                      • Part of subcall function 00A8600E: GetStockObject.GDI32(00000011), ref: 00A86060
                                                                                      • Part of subcall function 00A8600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00A8606A
                                                                                    • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00B14112
                                                                                    • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00B1411F
                                                                                    • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00B1412A
                                                                                    • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00B14139
                                                                                    • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00B14145
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend$CreateObjectStockWindow
                                                                                    • String ID: Msctls_Progress32
                                                                                    • API String ID: 1025951953-3636473452
                                                                                    • Opcode ID: 6b25d1206ab618c745eca03cf022429a10d589f70d423fd37611b0a4be0c7688
                                                                                    • Instruction ID: b15544229e22a3b1cf830a8621630e5c4b61ace8272b9ee0962aa6c5693e0d84
                                                                                    • Opcode Fuzzy Hash: 6b25d1206ab618c745eca03cf022429a10d589f70d423fd37611b0a4be0c7688
                                                                                    • Instruction Fuzzy Hash: CB11B2B2140219BEEF119F64CC85EE77FADEF09798F008110BB18A6050CB729C61DBA4
                                                                                    APIs
                                                                                      • Part of subcall function 00ABD7A3: _free.LIBCMT ref: 00ABD7CC
                                                                                    • _free.LIBCMT ref: 00ABD82D
                                                                                      • Part of subcall function 00AB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000), ref: 00AB29DE
                                                                                      • Part of subcall function 00AB29C8: GetLastError.KERNEL32(00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000,00000000), ref: 00AB29F0
                                                                                    • _free.LIBCMT ref: 00ABD838
                                                                                    • _free.LIBCMT ref: 00ABD843
                                                                                    • _free.LIBCMT ref: 00ABD897
                                                                                    • _free.LIBCMT ref: 00ABD8A2
                                                                                    • _free.LIBCMT ref: 00ABD8AD
                                                                                    • _free.LIBCMT ref: 00ABD8B8
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                    • String ID:
                                                                                    • API String ID: 776569668-0
                                                                                    APIs
                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00AEDA74
                                                                                    • LoadStringW.USER32(00000000), ref: 00AEDA7B
                                                                                    • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00AEDA91
                                                                                    • LoadStringW.USER32(00000000), ref: 00AEDA98
                                                                                    • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00AEDADC
                                                                                    Strings
                                                                                    • %s (%d) : ==> %s: %s %s, xrefs: 00AEDAB9
                                                                                    Similarity
                                                                                    • API ID: HandleLoadModuleString$Message
                                                                                    • String ID: %s (%d) : ==> %s: %s %s
                                                                                    • API String ID: 4072794657-3128320259
                                                                                    APIs
                                                                                    • InterlockedExchange.KERNEL32(00FDF270,00FDF270), ref: 00AF097B
                                                                                    • EnterCriticalSection.KERNEL32(00FDF250,00000000), ref: 00AF098D
                                                                                    • TerminateThread.KERNEL32(?,000001F6), ref: 00AF099B
                                                                                    • WaitForSingleObject.KERNEL32(?,000003E8), ref: 00AF09A9
                                                                                    • CloseHandle.KERNEL32(?), ref: 00AF09B8
                                                                                    • InterlockedExchange.KERNEL32(00FDF270,000001F6), ref: 00AF09C8
                                                                                    • LeaveCriticalSection.KERNEL32(00FDF250), ref: 00AF09CF
                                                                                    Similarity
                                                                                    • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                    • String ID:
                                                                                    • API String ID: 3495660284-0
                                                                                    APIs
                                                                                    • __WSAFDIsSet.WSOCK32(00000000,?), ref: 00B01DC0
                                                                                    • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00B01DE1
                                                                                    • WSAGetLastError.WSOCK32 ref: 00B01DF2
                                                                                    • htons.WSOCK32(?), ref: 00B01EDB
                                                                                    • inet_ntoa.WSOCK32(?), ref: 00B01E8C
                                                                                      • Part of subcall function 00AE39E8: _strlen.LIBCMT ref: 00AE39F2
                                                                                      • Part of subcall function 00B03224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00AFEC0C), ref: 00B03240
                                                                                    • _strlen.LIBCMT ref: 00B01F35
                                                                                    Similarity
                                                                                    • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                    • String ID:
                                                                                    • API String ID: 3203458085-0
                                                                                    APIs
                                                                                    • GetClientRect.USER32(?,?), ref: 00A85D30
                                                                                    • GetWindowRect.USER32(?,?), ref: 00A85D71
                                                                                    • ScreenToClient.USER32(?,?), ref: 00A85D99
                                                                                    • GetClientRect.USER32(?,?), ref: 00A85ED7
                                                                                    • GetWindowRect.USER32(?,?), ref: 00A85EF8
                                                                                    Similarity
                                                                                    • API ID: Rect$Client$Window$Screen
                                                                                    • String ID:
                                                                                    • API String ID: 1296646539-0
                                                                                    APIs
                                                                                    • __allrem.LIBCMT ref: 00AB00BA
                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AB00D6
                                                                                    • __allrem.LIBCMT ref: 00AB00ED
                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AB010B
                                                                                    • __allrem.LIBCMT ref: 00AB0122
                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AB0140
                                                                                    Similarity
                                                                                    • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                    • String ID:
                                                                                    • API String ID: 1992179935-0
                                                                                    APIs
                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00AA82D9,00AA82D9,?,?,?,00AB644F,00000001,00000001,8BE85006), ref: 00AB6258
                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00AB644F,00000001,00000001,8BE85006,?,?,?), ref: 00AB62DE
                                                                                    • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00AB63D8
                                                                                    • __freea.LIBCMT ref: 00AB63E5
                                                                                      • Part of subcall function 00AB3820: RtlAllocateHeap.NTDLL(00000000,?,00B51444,?,00A9FDF5,?,?,00A8A976,00000010,00B51440,00A813FC,?,00A813C6,?,00A81129), ref: 00AB3852
                                                                                    • __freea.LIBCMT ref: 00AB63EE
                                                                                    • __freea.LIBCMT ref: 00AB6413
                                                                                    Similarity
                                                                                    • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                    • String ID:
                                                                                    • API String ID: 1414292761-0
                                                                                    APIs
                                                                                      • Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD
                                                                                      • Part of subcall function 00B0C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B0B6AE,?,?), ref: 00B0C9B5
                                                                                      • Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0C9F1
                                                                                      • Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0CA68
                                                                                      • Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0CA9E
                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B0BCCA
                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00B0BD25
                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00B0BD6A
                                                                                    • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00B0BD99
                                                                                    • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00B0BDF3
                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00B0BDFF
                                                                                    Similarity
                                                                                    • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                    • String ID:
                                                                                    • API String ID: 1120388591-0
                                                                                    APIs
                                                                                    • VariantInit.OLEAUT32(00000035), ref: 00ADF7B9
                                                                                    • SysAllocString.OLEAUT32(00000001), ref: 00ADF860
                                                                                    • VariantCopy.OLEAUT32(00ADFA64,00000000), ref: 00ADF889
                                                                                    • VariantClear.OLEAUT32(00ADFA64), ref: 00ADF8AD
                                                                                    • VariantCopy.OLEAUT32(00ADFA64,00000000), ref: 00ADF8B1
                                                                                    • VariantClear.OLEAUT32(?), ref: 00ADF8BB
                                                                                    Similarity
                                                                                    • API ID: Variant$ClearCopy$AllocInitString
                                                                                    • String ID:
                                                                                    • API String ID: 3859894641-0
                                                                                    • Opcode ID: 8c3024e5a9792dff622c09dc58c1aab861d285fdae632426337179d88f9b1426
                                                                                    • Instruction ID: b8c84c0dbe44eaee2a14ef51fd4ab6fa1c41c7981546c64fbed2b833c6b4f750
                                                                                    • Opcode Fuzzy Hash: 8c3024e5a9792dff622c09dc58c1aab861d285fdae632426337179d88f9b1426
                                                                                    • Instruction Fuzzy Hash: DE51C231A50310BECF24AB65D8A5B3AB3E8EF45710B248467E907DF391DB708D40CBA6
                                                                                    APIs
                                                                                      • Part of subcall function 00A87620: _wcslen.LIBCMT ref: 00A87625
                                                                                      • Part of subcall function 00A86B57: _wcslen.LIBCMT ref: 00A86B6A
                                                                                    • GetOpenFileNameW.COMDLG32(00000058), ref: 00AF94E5
                                                                                    • _wcslen.LIBCMT ref: 00AF9506
                                                                                    • _wcslen.LIBCMT ref: 00AF952D
                                                                                    • GetSaveFileNameW.COMDLG32(00000058), ref: 00AF9585
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: _wcslen$FileName$OpenSave
                                                                                    • String ID: X
                                                                                    • API String ID: 83654149-3081909835
                                                                                    • Opcode ID: a0f5ff6293d71682f18295db2076c9ebcf7c50cecdb864642befa683e505a445
                                                                                    • Instruction ID: 1ab59cdafdf72a0c5e6b07afcb10d17dc82c285870e0fc96e0b1b5a3dffb7b48
                                                                                    • Opcode Fuzzy Hash: a0f5ff6293d71682f18295db2076c9ebcf7c50cecdb864642befa683e505a445
                                                                                    • Instruction Fuzzy Hash: 12E1BE716083018FD724EF64C981B6BB7E4BF85314F04896DF9999B2A2DB31ED05CB92
                                                                                    APIs
                                                                                      • Part of subcall function 00A99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A99BB2
                                                                                    • BeginPaint.USER32(?,?,?), ref: 00A99241
                                                                                    • GetWindowRect.USER32(?,?), ref: 00A992A5
                                                                                    • ScreenToClient.USER32(?,?), ref: 00A992C2
                                                                                    • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00A992D3
                                                                                    • EndPaint.USER32(?,?,?,?,?), ref: 00A99321
                                                                                    • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00AD71EA
                                                                                      • Part of subcall function 00A99339: BeginPath.GDI32(00000000), ref: 00A99357
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                    • String ID:
                                                                                    • API String ID: 3050599898-0
                                                                                    • Opcode ID: 9fd3a12844867f5b1613da075d0c29b5eceb05cc9f1432b3f1db015d4bd30d54
                                                                                    • Instruction ID: 0aaae6c153c77d77c89dd1fac1154679ba30404478267c87f6536bedd8b11ca5
                                                                                    • Opcode Fuzzy Hash: 9fd3a12844867f5b1613da075d0c29b5eceb05cc9f1432b3f1db015d4bd30d54
                                                                                    • Instruction Fuzzy Hash: 9D418E70204300AFDB21DF28C885FAB7BF8EB56321F14066DF9558B2B1DB719846DB61
                                                                                    APIs
                                                                                    • InterlockedExchange.KERNEL32(?,000001F5), ref: 00AF080C
                                                                                    • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00AF0847
                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 00AF0863
                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 00AF08DC
                                                                                    • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00AF08F3
                                                                                    • InterlockedExchange.KERNEL32(?,000001F6), ref: 00AF0921
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                    • String ID:
                                                                                    • API String ID: 3368777196-0
                                                                                    • Opcode ID: dc28dbd2dab869ffadfb6cbc3ee680ea9028be95a75f308fb6a2486bfff88edf
                                                                                    • Instruction ID: 6423b650f4bdd81d1de55846323c92d5b5a7fdb15cd712697b960d6420d9cf20
                                                                                    • Opcode Fuzzy Hash: dc28dbd2dab869ffadfb6cbc3ee680ea9028be95a75f308fb6a2486bfff88edf
                                                                                    • Instruction Fuzzy Hash: 2B415971A00209AFDF14AF94DC85AAA77B8FF04310F1480A5ED00AB297DB30DE64DBA4
                                                                                    APIs
                                                                                    • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00ADF3AB,00000000,?,?,00000000,?,00AD682C,00000004,00000000,00000000), ref: 00B1824C
                                                                                    • EnableWindow.USER32(?,00000000), ref: 00B18272
                                                                                    • ShowWindow.USER32(FFFFFFFF,00000000), ref: 00B182D1
                                                                                    • ShowWindow.USER32(?,00000004), ref: 00B182E5
                                                                                    • EnableWindow.USER32(?,00000001), ref: 00B1830B
                                                                                    • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00B1832F
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: Window$Show$Enable$MessageSend
                                                                                    • String ID:
                                                                                    • API String ID: 642888154-0
                                                                                    • Opcode ID: 9eb161576aa122233e778abd93b8c5735db7aa5f597dfea22672cb43aacef142
                                                                                    • Instruction ID: c2c1a99d1786e1c9f2797adc249fbbc96541d1c84396b6f178d6509a1695d069
                                                                                    • Opcode Fuzzy Hash: 9eb161576aa122233e778abd93b8c5735db7aa5f597dfea22672cb43aacef142
                                                                                    • Instruction Fuzzy Hash: 8A41B234601644EFDB22CF18D899BE47BE0FB4A715F5841E9F5184B2A2CB71AC81CF90
                                                                                    APIs
                                                                                    • IsWindowVisible.USER32(?), ref: 00AE4C95
                                                                                    • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00AE4CB2
                                                                                    • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00AE4CEA
                                                                                    • _wcslen.LIBCMT ref: 00AE4D08
                                                                                    • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00AE4D10
                                                                                    • _wcsstr.LIBVCRUNTIME ref: 00AE4D1A
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                    • String ID:
                                                                                    • API String ID: 72514467-0
                                                                                    • Opcode ID: 76f8e11bbd273f41017f112f3a1da7e9b053e3f09c47470078e7e17e472ee57b
                                                                                    • Instruction ID: 28eadf9c1aa6a141ad4e89bddae15ed639b47a8997e4fa5e9467c5744639a5ae
                                                                                    • Opcode Fuzzy Hash: 76f8e11bbd273f41017f112f3a1da7e9b053e3f09c47470078e7e17e472ee57b
                                                                                    • Instruction Fuzzy Hash: C921C9716042447FEB155B3A9D49E7B7FACDF49750F108029F805CB191DE65DC4196A0
                                                                                    APIs
                                                                                      • Part of subcall function 00A83AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A83A97,?,?,00A82E7F,?,?,?,00000000), ref: 00A83AC2
                                                                                    • _wcslen.LIBCMT ref: 00AF587B
                                                                                    • CoInitialize.OLE32(00000000), ref: 00AF5995
                                                                                    • CoCreateInstance.OLE32(00B1FCF8,00000000,00000001,00B1FB68,?), ref: 00AF59AE
                                                                                    • CoUninitialize.OLE32 ref: 00AF59CC
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                    • String ID: .lnk
                                                                                    • API String ID: 3172280962-24824748
                                                                                    • Opcode ID: f2982e31b4c69858720ba3ff7d09a7539d4775937a9dc4c5bd2ccf35576ff670
                                                                                    • Instruction ID: d425a1a16560f935cb02dae4504f06f652ac21328d55d758e547e0223683ff4c
                                                                                    • Opcode Fuzzy Hash: f2982e31b4c69858720ba3ff7d09a7539d4775937a9dc4c5bd2ccf35576ff670
                                                                                    • Instruction Fuzzy Hash: 9CD17471A087059FC718EF64C58492ABBE1FF89710F14885DFA8A9B361DB31EC45CB92
                                                                                    APIs
                                                                                      • Part of subcall function 00AE0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00AE0FCA
                                                                                      • Part of subcall function 00AE0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00AE0FD6
                                                                                      • Part of subcall function 00AE0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00AE0FE5
                                                                                      • Part of subcall function 00AE0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00AE0FEC
                                                                                      • Part of subcall function 00AE0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00AE1002
                                                                                    • GetLengthSid.ADVAPI32(?,00000000,00AE1335), ref: 00AE17AE
                                                                                    • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00AE17BA
                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 00AE17C1
                                                                                    • CopySid.ADVAPI32(00000000,00000000,?), ref: 00AE17DA
                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,00AE1335), ref: 00AE17EE
                                                                                    • HeapFree.KERNEL32(00000000), ref: 00AE17F5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                    • String ID:
                                                                                    • API String ID: 3008561057-0
                                                                                    • Opcode ID: 12e4c4722c1c92fab6fbc71cc2f0c107dc39fb726de4470648b4e202a8632fb4
                                                                                    • Instruction ID: c3ba629bd7b4458a00da76b2ff7d42c035f21ca432366961c7feffd39e327245
                                                                                    • Opcode Fuzzy Hash: 12e4c4722c1c92fab6fbc71cc2f0c107dc39fb726de4470648b4e202a8632fb4
                                                                                    • Instruction Fuzzy Hash: 51118B32684215FFDB109FA5CC49FEE7BB9EB46755F608018F981A7210DB36A944CF60
                                                                                    APIs
                                                                                    • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00AE14FF
                                                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 00AE1506
                                                                                    • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00AE1515
                                                                                    • CloseHandle.KERNEL32(00000004), ref: 00AE1520
                                                                                    • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00AE154F
                                                                                    • DestroyEnvironmentBlock.USERENV(00000000), ref: 00AE1563
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                    • String ID:
                                                                                    • API String ID: 1413079979-0
                                                                                    • Opcode ID: 83920c9b7897d048b4356cc22c68426079c3debc72a956854f4563c64e8865bb
                                                                                    • Instruction ID: 945887c71a6d70925096ce95ec89b4994816fffcb644aba296a4dd3df7d57272
                                                                                    • Opcode Fuzzy Hash: 83920c9b7897d048b4356cc22c68426079c3debc72a956854f4563c64e8865bb
                                                                                    • Instruction Fuzzy Hash: 6F1129B2540259ABDF118F98ED49FDE7BB9EF48744F048015FA05A21A0C7758E60DB60
                                                                                    APIs
                                                                                    • GetLastError.KERNEL32(?,?,00AA3379,00AA2FE5), ref: 00AA3390
                                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00AA339E
                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00AA33B7
                                                                                    • SetLastError.KERNEL32(00000000,?,00AA3379,00AA2FE5), ref: 00AA3409
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: ErrorLastValue___vcrt_
                                                                                    • String ID:
                                                                                    • API String ID: 3852720340-0
                                                                                    APIs
                                                                                    • GetLastError.KERNEL32(?,?,00AB5686,00AC3CD6,?,00000000,?,00AB5B6A,?,?,?,?,?,00AAE6D1,?,00B48A48), ref: 00AB2D78
                                                                                    • _free.LIBCMT ref: 00AB2DAB
                                                                                    • _free.LIBCMT ref: 00AB2DD3
                                                                                    • SetLastError.KERNEL32(00000000,?,?,?,?,00AAE6D1,?,00B48A48,00000010,00A84F4A,?,?,00000000,00AC3CD6), ref: 00AB2DE0
                                                                                    • SetLastError.KERNEL32(00000000,?,?,?,?,00AAE6D1,?,00B48A48,00000010,00A84F4A,?,?,00000000,00AC3CD6), ref: 00AB2DEC
                                                                                    • _abort.LIBCMT ref: 00AB2DF2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: ErrorLast$_free$_abort
                                                                                    • String ID:
                                                                                    • API String ID: 3160817290-0
                                                                                    APIs
                                                                                      • Part of subcall function 00A99639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A99693
                                                                                      • Part of subcall function 00A99639: SelectObject.GDI32(?,00000000), ref: 00A996A2
                                                                                      • Part of subcall function 00A99639: BeginPath.GDI32(?), ref: 00A996B9
                                                                                      • Part of subcall function 00A99639: SelectObject.GDI32(?,00000000), ref: 00A996E2
                                                                                    • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00B18A4E
                                                                                    • LineTo.GDI32(?,00000003,00000000), ref: 00B18A62
                                                                                    • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00B18A70
                                                                                    • LineTo.GDI32(?,00000000,00000003), ref: 00B18A80
                                                                                    • EndPath.GDI32(?), ref: 00B18A90
                                                                                    • StrokePath.GDI32(?), ref: 00B18AA0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                    • String ID:
                                                                                    • API String ID: 43455801-0
                                                                                    APIs
                                                                                    • GetDC.USER32(00000000), ref: 00AE5218
                                                                                    • GetDeviceCaps.GDI32(00000000,00000058), ref: 00AE5229
                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00AE5230
                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 00AE5238
                                                                                    • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00AE524F
                                                                                    • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00AE5261
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: CapsDevice$Release
                                                                                    • String ID:
                                                                                    • API String ID: 1035833867-0
                                                                                    APIs
                                                                                    • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00A81BF4
                                                                                    • MapVirtualKeyW.USER32(00000010,00000000), ref: 00A81BFC
                                                                                    • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00A81C07
                                                                                    • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00A81C12
                                                                                    • MapVirtualKeyW.USER32(00000011,00000000), ref: 00A81C1A
                                                                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 00A81C22
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: Virtual
                                                                                    • String ID:
                                                                                    • API String ID: 4278518827-0
                                                                                    APIs
                                                                                    • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00AEEB30
                                                                                    • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00AEEB46
                                                                                    • GetWindowThreadProcessId.USER32(?,?), ref: 00AEEB55
                                                                                    • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00AEEB64
                                                                                    • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00AEEB6E
                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00AEEB75
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                    • String ID:
                                                                                    • API String ID: 839392675-0
                                                                                    APIs
                                                                                    • GetClientRect.USER32(?), ref: 00AD7452
                                                                                    • SendMessageW.USER32(?,00001328,00000000,?), ref: 00AD7469
                                                                                    • GetWindowDC.USER32(?), ref: 00AD7475
                                                                                    • GetPixel.GDI32(00000000,?,?), ref: 00AD7484
                                                                                    • ReleaseDC.USER32(?,00000000), ref: 00AD7496
                                                                                    • GetSysColor.USER32(00000005), ref: 00AD74B0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                    • String ID:
                                                                                    • API String ID: 272304278-0
                                                                                    APIs
                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00AE187F
                                                                                    • UnloadUserProfile.USERENV(?,?), ref: 00AE188B
                                                                                    • CloseHandle.KERNEL32(?), ref: 00AE1894
                                                                                    • CloseHandle.KERNEL32(?), ref: 00AE189C
                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 00AE18A5
                                                                                    • HeapFree.KERNEL32(00000000), ref: 00AE18AC
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                    • String ID:
                                                                                    • API String ID: 146765662-0
                                                                                    APIs
                                                                                      • Part of subcall function 00A87620: _wcslen.LIBCMT ref: 00A87625
                                                                                    • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00AEC6EE
                                                                                    • _wcslen.LIBCMT ref: 00AEC735
                                                                                    • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00AEC79C
                                                                                    • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00AEC7CA
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: ItemMenu$Info_wcslen$Default
                                                                                    • String ID: 0
                                                                                    APIs
                                                                                    • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00AE7206
                                                                                    • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00AE723C
                                                                                    • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00AE724D
                                                                                    • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00AE72CF
                                                                                    Similarity
                                                                                    • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                    • String ID: DllGetClassObject
                                                                                    APIs
                                                                                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00B13E35
                                                                                    • IsMenu.USER32(?), ref: 00B13E4A
                                                                                    • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00B13E92
                                                                                    • DrawMenuBar.USER32 ref: 00B13EA5
                                                                                    Similarity
                                                                                    • API ID: Menu$Item$DrawInfoInsert
                                                                                    • String ID: 0
                                                                                    APIs
                                                                                      • Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD
                                                                                      • Part of subcall function 00AE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00AE3CCA
                                                                                    • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00AE1E66
                                                                                    • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00AE1E79
                                                                                    • SendMessageW.USER32(?,00000189,?,00000000), ref: 00AE1EA9
                                                                                      • Part of subcall function 00A86B57: _wcslen.LIBCMT ref: 00A86B6A
                                                                                    Similarity
                                                                                    • API ID: MessageSend$_wcslen$ClassName
                                                                                    • String ID: ComboBox$ListBox
                                                                                    APIs
                                                                                    • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00B12F8D
                                                                                    • LoadLibraryW.KERNEL32(?), ref: 00B12F94
                                                                                    • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00B12FA9
                                                                                    • DestroyWindow.USER32(?), ref: 00B12FB1
                                                                                    Similarity
                                                                                    • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                    • String ID: SysAnimate32
                                                                                    APIs
                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00AA4D1E,00AB28E9,?,00AA4CBE,00AB28E9,00B488B8,0000000C,00AA4E15,00AB28E9,00000002), ref: 00AA4D8D
                                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00AA4DA0
                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,00AA4D1E,00AB28E9,?,00AA4CBE,00AB28E9,00B488B8,0000000C,00AA4E15,00AB28E9,00000002,00000000), ref: 00AA4DC3
                                                                                    Similarity
                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                    APIs
                                                                                    • LoadLibraryA.KERNEL32 ref: 00ADD3AD
                                                                                    • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00ADD3BF
                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00ADD3E5
                                                                                    Similarity
                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                    • String ID: GetSystemWow64DirectoryW$X64
                                                                                    APIs
                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A84EDD,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84E9C
                                                                                    • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00A84EAE
                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,00A84EDD,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84EC0
                                                                                    Similarity
                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                    • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                    APIs
                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00AC3CDE,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84E62
                                                                                    • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00A84E74
                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,00AC3CDE,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84E87
                                                                                    Similarity
                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                    • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                    APIs
                                                                                    • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00AF2C05
                                                                                    • DeleteFileW.KERNEL32(?), ref: 00AF2C87
                                                                                    • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00AF2C9D
                                                                                    • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00AF2CAE
                                                                                    • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00AF2CC0
                                                                                    Similarity
                                                                                    • API ID: File$Delete$Copy
                                                                                    APIs
                                                                                    • GetCurrentProcessId.KERNEL32 ref: 00B0A427
                                                                                    • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00B0A435
                                                                                    • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00B0A468
                                                                                    • CloseHandle.KERNEL32(?), ref: 00B0A63D
                                                                                    Similarity
                                                                                    • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                    • String ID:
                                                                                    • API String ID: 3488606520-0
                                                                                    • Opcode ID: 20205be06cf7fbf64dcee44793c60749fffa24e4aaabb1a2dd606c48354e6fc5
                                                                                    • Instruction ID: 6740545734124a24a559615ceb5a9feff304adcd197dfbc20c04f007c715b5b4
                                                                                    • Opcode Fuzzy Hash: 20205be06cf7fbf64dcee44793c60749fffa24e4aaabb1a2dd606c48354e6fc5
                                                                                    • Instruction Fuzzy Hash: C4A19071604300AFE720EF24D986F2ABBE5AF84714F14885DF55A9B3D2DB71EC418B92
                                                                                    APIs
                                                                                    • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00B23700), ref: 00ABBB91
                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00B5121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00ABBC09
                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00B51270,000000FF,?,0000003F,00000000,?), ref: 00ABBC36
                                                                                    • _free.LIBCMT ref: 00ABBB7F
                                                                                      • Part of subcall function 00AB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000), ref: 00AB29DE
                                                                                      • Part of subcall function 00AB29C8: GetLastError.KERNEL32(00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000,00000000), ref: 00AB29F0
                                                                                    • _free.LIBCMT ref: 00ABBD4B
                                                                                    Similarity
                                                                                    • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                                    • String ID:
                                                                                    • API String ID: 1286116820-0
                                                                                    • Opcode ID: 690f7413eb9191a55b5f0d05da1f9360a0fad64e64525a74a45aa0cfbc6ad75d
                                                                                    • Instruction ID: f3527f4070bf68312789e1537eb3cbe652da78a144b99fb68cad82030efbd2ce
                                                                                    • Opcode Fuzzy Hash: 690f7413eb9191a55b5f0d05da1f9360a0fad64e64525a74a45aa0cfbc6ad75d
                                                                                    • Instruction Fuzzy Hash: 1151F971910209EFCB10DF69DD81AEEBBBCEF45310F1046AAE414D71A2EFB19E408B60
                                                                                    APIs
                                                                                      • Part of subcall function 00AEDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00AECF22,?), ref: 00AEDDFD
                                                                                      • Part of subcall function 00AEDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00AECF22,?), ref: 00AEDE16
                                                                                      • Part of subcall function 00AEE199: GetFileAttributesW.KERNEL32(?,00AECF95), ref: 00AEE19A
                                                                                    • lstrcmpiW.KERNEL32(?,?), ref: 00AEE473
                                                                                    • MoveFileW.KERNEL32(?,?), ref: 00AEE4AC
                                                                                    • _wcslen.LIBCMT ref: 00AEE5EB
                                                                                    • _wcslen.LIBCMT ref: 00AEE603
                                                                                    • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00AEE650
                                                                                    Similarity
                                                                                    • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                    • String ID:
                                                                                    • API String ID: 3183298772-0
                                                                                    • Opcode ID: 7981b746887fc97c421dd940dd5d0c72fb31a6563c3b62fafa66ff6b69ed98f8
                                                                                    • Instruction ID: de06c2eb19446bfea6a7a9181b1722f4a6bd2ddcc23ef07ad9ea2a6257e9e7fa
                                                                                    • Opcode Fuzzy Hash: 7981b746887fc97c421dd940dd5d0c72fb31a6563c3b62fafa66ff6b69ed98f8
                                                                                    • Instruction Fuzzy Hash: 9F5184B24083859BC724EBA5DD819EFB3ECAF85340F00491EF589D3191EF75A68C8766
                                                                                    APIs
                                                                                      • Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD
                                                                                      • Part of subcall function 00B0C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B0B6AE,?,?), ref: 00B0C9B5
                                                                                      • Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0C9F1
                                                                                      • Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0CA68
                                                                                      • Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0CA9E
                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B0BAA5
                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00B0BB00
                                                                                    • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00B0BB63
                                                                                    • RegCloseKey.ADVAPI32(?,?), ref: 00B0BBA6
                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00B0BBB3
                                                                                    Similarity
                                                                                    • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                    • String ID:
                                                                                    • API String ID: 826366716-0
                                                                                    • Opcode ID: 57dc7a22487f33c6967ea564a76f57acde8d283ca3b660a4f81a4e58086a23ff
                                                                                    • Instruction ID: 93e404fe81816cd3c5a98c9758be9507c0c2a2a515c94e3ac7f241104bc384d0
                                                                                    • Opcode Fuzzy Hash: 57dc7a22487f33c6967ea564a76f57acde8d283ca3b660a4f81a4e58086a23ff
                                                                                    • Instruction Fuzzy Hash: 4961AF31208241EFD714DF24C494E2ABBE5FF84308F54899DF49A8B2A2DB31ED45CB92
                                                                                    APIs
                                                                                    • VariantInit.OLEAUT32(?), ref: 00AE8BCD
                                                                                    • VariantClear.OLEAUT32 ref: 00AE8C3E
                                                                                    • VariantClear.OLEAUT32 ref: 00AE8C9D
                                                                                    • VariantClear.OLEAUT32(?), ref: 00AE8D10
                                                                                    • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00AE8D3B
                                                                                    Similarity
                                                                                    • API ID: Variant$Clear$ChangeInitType
                                                                                    • String ID:
                                                                                    • API String ID: 4136290138-0
                                                                                    • Opcode ID: ea9952aa76042f6bb8bf0c24e7f720ac5bbdeae056f448a7159cecdc353fe54a
                                                                                    • Instruction ID: 2a62e9bb59bad4a7a9b58f7c504b4cb91ef708d4312242c51507de3f9a22b46c
                                                                                    • Opcode Fuzzy Hash: ea9952aa76042f6bb8bf0c24e7f720ac5bbdeae056f448a7159cecdc353fe54a
                                                                                    • Instruction Fuzzy Hash: 26518CB5A00219EFCB10CF59C894AAAB7F5FF89310B118559F909DB350E734E911CF90
                                                                                    APIs
                                                                                    • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00AF8BAE
                                                                                    • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00AF8BDA
                                                                                    • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00AF8C32
                                                                                    • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00AF8C57
                                                                                    • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00AF8C5F
                                                                                    Similarity
                                                                                    • API ID: PrivateProfile$SectionWrite$String
                                                                                    • String ID:
                                                                                    • API String ID: 2832842796-0
                                                                                    • Opcode ID: 4e34da9920a4893a19df8ae07a03b124a0a7860e6efafc19e2ddb6dbf4511cd7
                                                                                    • Instruction ID: 85b0b36b29dbc306cdd12570d54f391fd2b8a8f47cad396897cb45ecd2d8a32e
                                                                                    • Opcode Fuzzy Hash: 4e34da9920a4893a19df8ae07a03b124a0a7860e6efafc19e2ddb6dbf4511cd7
                                                                                    • Instruction Fuzzy Hash: 8A514C35A002199FCB05EF64C981E6DBBF5FF49314F088458E94AAB362DB35ED51CBA0
                                                                                    APIs
                                                                                    • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00B08F40
                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00B08FD0
                                                                                    • GetProcAddress.KERNEL32(00000000,00000000), ref: 00B08FEC
                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00B09032
                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00B09052
                                                                                      • Part of subcall function 00A9F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00AF1043,?,7529E610), ref: 00A9F6E6
                                                                                      • Part of subcall function 00A9F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00ADFA64,00000000,00000000,?,?,00AF1043,?,7529E610,?,00ADFA64), ref: 00A9F70D
                                                                                    Similarity
                                                                                    • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                    • String ID:
                                                                                    • API String ID: 666041331-0
                                                                                    • Opcode ID: a8ea8fbb1f1de1e226b2c96c3288f3f4a8cc030eede75cc9dd71c5bace279d27
                                                                                    • Instruction ID: 462e5ac9dc48093d5ad9e7cd186fefb6bfc01131696cfe2d3ae22e2a6997c01f
                                                                                    • Opcode Fuzzy Hash: a8ea8fbb1f1de1e226b2c96c3288f3f4a8cc030eede75cc9dd71c5bace279d27
                                                                                    • Instruction Fuzzy Hash: 30513E35604205DFC715EF64C5948ADBFF1FF49314B0880A9E84AAB3A2DB31EE85CB91
                                                                                    APIs
                                                                                    • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00B16C33
                                                                                    • SetWindowLongW.USER32(?,000000EC,?), ref: 00B16C4A
                                                                                    • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00B16C73
                                                                                    • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00AFAB79,00000000,00000000), ref: 00B16C98
                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00B16CC7
                                                                                    Similarity
                                                                                    • API ID: Window$Long$MessageSendShow
                                                                                    • String ID:
                                                                                    • API String ID: 3688381893-0
                                                                                    • Opcode ID: 733e076b760cbf200ced192820f32e513d17b1f33f62c3a4fc2a4e9753298a09
                                                                                    • Instruction ID: e32fdaecfa1e3d0a2c549cc5c7590e1504b196778a0ff515192a2c72dafa1d9b
                                                                                    • Opcode Fuzzy Hash: 733e076b760cbf200ced192820f32e513d17b1f33f62c3a4fc2a4e9753298a09
                                                                                    • Instruction Fuzzy Hash: E241D435A04104AFD724CF28CC99FEA7FE5EB09350F9542A8F895A72E0D771AD81CA80
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: _free
                                                                                    • String ID:
                                                                                    • API String ID: 269201875-0
                                                                                    • Opcode ID: 27eeac6136b17cc5f5c70c5f5d6cf43338e8c4f4cf0653c2be2b446e535ebb9a
                                                                                    • Instruction ID: 0e0716294fe24a09a67ce261fa2431c79917d66b3a784acd8ae7a07252fd72d9
                                                                                    • Opcode Fuzzy Hash: 27eeac6136b17cc5f5c70c5f5d6cf43338e8c4f4cf0653c2be2b446e535ebb9a
                                                                                    • Instruction Fuzzy Hash: A941D372A00200AFCB24DF78C981B9DB7F9EF89714F15456AE515EB396DB31AD01CB80
                                                                                    APIs
                                                                                    • GetCursorPos.USER32(?), ref: 00A99141
                                                                                    • ScreenToClient.USER32(00000000,?), ref: 00A9915E
                                                                                    • GetAsyncKeyState.USER32(00000001), ref: 00A99183
                                                                                    • GetAsyncKeyState.USER32(00000002), ref: 00A9919D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: AsyncState$ClientCursorScreen
                                                                                    • String ID:
                                                                                    • API String ID: 4210589936-0
                                                                                    • Opcode ID: e237c95fe0b4c058997f1355cf9a760d3a666157be8a9d14a60a06210216e2f8
                                                                                    • Instruction ID: 4836c946d6df03d26a5bb94cf34bf39c8524d3f578cda88aa508efb0cfaf3499
                                                                                    • Opcode Fuzzy Hash: e237c95fe0b4c058997f1355cf9a760d3a666157be8a9d14a60a06210216e2f8
                                                                                    • Instruction Fuzzy Hash: 90414F71A0851AFBDF199F68C844BEEB7B5FB05320F20831AF429A72E0D7305990CB91
                                                                                    APIs
                                                                                    • GetInputState.USER32 ref: 00AF38CB
                                                                                    • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00AF3922
                                                                                    • TranslateMessage.USER32(?), ref: 00AF394B
                                                                                    • DispatchMessageW.USER32(?), ref: 00AF3955
                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00AF3966
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                    • String ID:
                                                                                    • API String ID: 2256411358-0
                                                                                    • Opcode ID: 89e302939c1342fa42bd672d286b904e558a0850f5a21c0ec907b47bfd5c07cb
                                                                                    • Instruction ID: cb9eb31274cbb6fef1c34ba3b7246e09af8607833cc6378fe40ae862fd2fa509
                                                                                    • Opcode Fuzzy Hash: 89e302939c1342fa42bd672d286b904e558a0850f5a21c0ec907b47bfd5c07cb
                                                                                    • Instruction Fuzzy Hash: 71311E7250434A9EEF35CBB4D8A8BB63BE8DB15341F04459DF662C3190E7F49A85CB11
                                                                                    APIs
                                                                                    • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 00AFCF38
                                                                                    • InternetReadFile.WININET(?,00000000,?,?), ref: 00AFCF6F
                                                                                    • GetLastError.KERNEL32(?,00000000,?,?,?,00AFC21E,00000000), ref: 00AFCFB4
                                                                                    • SetEvent.KERNEL32(?,?,00000000,?,?,?,00AFC21E,00000000), ref: 00AFCFC8
                                                                                    • SetEvent.KERNEL32(?,?,00000000,?,?,?,00AFC21E,00000000), ref: 00AFCFF2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                    • String ID:
                                                                                    • API String ID: 3191363074-0
                                                                                    • Opcode ID: cdf0d77c2a681c1a42108ee3a9cc5022bbf9aa4ba7a1aca7bf807cbc610a2ebc
                                                                                    • Instruction ID: 5b709dfc957fbc4d7c34ab07e0da4f5fbbe16cb2c1fdc879a9204121187b1e71
                                                                                    • Opcode Fuzzy Hash: cdf0d77c2a681c1a42108ee3a9cc5022bbf9aa4ba7a1aca7bf807cbc610a2ebc
                                                                                    • Instruction Fuzzy Hash: 54314F7160430DAFDB20DFE6CA849BABBF9EB14364B10842EF616D3141DB30AE40DB60
                                                                                    APIs
                                                                                    • GetWindowRect.USER32(?,?), ref: 00AE1915
                                                                                    • PostMessageW.USER32(00000001,00000201,00000001), ref: 00AE19C1
                                                                                    • Sleep.KERNEL32(00000000,?,?,?), ref: 00AE19C9
                                                                                    • PostMessageW.USER32(00000001,00000202,00000000), ref: 00AE19DA
                                                                                    • Sleep.KERNEL32(00000000,?,?,?,?), ref: 00AE19E2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessagePostSleep$RectWindow
                                                                                    • String ID:
                                                                                    • API String ID: 3382505437-0
                                                                                    • Opcode ID: 3971b212f5ec276a9e7a16d2f2a676acc1f8fa73716be0172895381254c3082b
                                                                                    • Instruction ID: d789a68f0eed2b5f351014072024aef0e1938ef186b1bbfa7281cec5964bfa68
                                                                                    • Opcode Fuzzy Hash: 3971b212f5ec276a9e7a16d2f2a676acc1f8fa73716be0172895381254c3082b
                                                                                    • Instruction Fuzzy Hash: 9C31B471A00269EFCB04CFA9CD99ADE7BB5EB44315F108225F921A72D1C7709D54CB90
                                                                                    APIs
                                                                                    • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00B15745
                                                                                    • SendMessageW.USER32(?,00001074,?,00000001), ref: 00B1579D
                                                                                    • _wcslen.LIBCMT ref: 00B157AF
                                                                                    • _wcslen.LIBCMT ref: 00B157BA
                                                                                    • SendMessageW.USER32(?,00001002,00000000,?), ref: 00B15816
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend$_wcslen
                                                                                    • String ID:
                                                                                    • API String ID: 763830540-0
                                                                                    • Opcode ID: f6e49acb1a137e0454f8cf7509379a56cac75674a6f0afce038b436edcf33bce
                                                                                    • Instruction ID: a97766e1fbfe3f1bad3007c4c7a7bfeb4663ad3fdcf1ba95977bcf69f3b52584
                                                                                    • Opcode Fuzzy Hash: f6e49acb1a137e0454f8cf7509379a56cac75674a6f0afce038b436edcf33bce
                                                                                    • Instruction Fuzzy Hash: EE218071904618DADB309F64CC85AEEBBB8EB85324F508296E929AB2C4D77099C5CF50
                                                                                    APIs
                                                                                    • IsWindow.USER32(00000000), ref: 00B00951
                                                                                    • GetForegroundWindow.USER32 ref: 00B00968
                                                                                    • GetDC.USER32(00000000), ref: 00B009A4
                                                                                    • GetPixel.GDI32(00000000,?,00000003), ref: 00B009B0
                                                                                    • ReleaseDC.USER32(00000000,00000003), ref: 00B009E8
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: Window$ForegroundPixelRelease
                                                                                    • String ID:
                                                                                    • API String ID: 4156661090-0
                                                                                    • Opcode ID: f07b92292e6324ec8d8498fbea986a9a6684b01e2577853344dede085c937d50
                                                                                    • Instruction ID: 6e8ea8a6a847f00cabeee0e35aa0d6dcf6991a29e057cc597bd81afae73b44c0
                                                                                    • Opcode Fuzzy Hash: f07b92292e6324ec8d8498fbea986a9a6684b01e2577853344dede085c937d50
                                                                                    • Instruction Fuzzy Hash: FF219075600204AFD704EF69D984AAEBBF9EF49700F04806CF94AE73A2CB70AD04CB50
                                                                                    APIs
                                                                                    • GetEnvironmentStringsW.KERNEL32 ref: 00ABCDC6
                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00ABCDE9
                                                                                      • Part of subcall function 00AB3820: RtlAllocateHeap.NTDLL(00000000,?,00B51444,?,00A9FDF5,?,?,00A8A976,00000010,00B51440,00A813FC,?,00A813C6,?,00A81129), ref: 00AB3852
                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00ABCE0F
                                                                                    • _free.LIBCMT ref: 00ABCE22
                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00ABCE31
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                    • String ID:
                                                                                    • API String ID: 336800556-0
                                                                                    • Opcode ID: 6014825eea41aeb24d223e3f978a11d6aa36e864b36e6420e48e76078a166447
                                                                                    • Instruction ID: 3eaa0d68974c7e756c7d314b79a04b5c5f0ff7f80a29480bdac3de7ffa9d2314
                                                                                    • Opcode Fuzzy Hash: 6014825eea41aeb24d223e3f978a11d6aa36e864b36e6420e48e76078a166447
                                                                                    • Instruction Fuzzy Hash: 4F018472601215BFA7211BB66C88DFB6E6DEEC6BB13154129F905DB202EE61CD0191B0
                                                                                    APIs
                                                                                    • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A99693
                                                                                    • SelectObject.GDI32(?,00000000), ref: 00A996A2
                                                                                    • BeginPath.GDI32(?), ref: 00A996B9
                                                                                    • SelectObject.GDI32(?,00000000), ref: 00A996E2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: ObjectSelect$BeginCreatePath
                                                                                    • String ID:
                                                                                    • API String ID: 3225163088-0
                                                                                    • Opcode ID: ac18532dc8eb660fdbf408b971bf60ff1929c6c276c7a5db71d9cf67f5f88f04
                                                                                    • Instruction ID: 59adc968cde40dea268567ddd64219d2c079fabb4b2bc9ceafe1156b6de5d7a4
                                                                                    • Opcode Fuzzy Hash: ac18532dc8eb660fdbf408b971bf60ff1929c6c276c7a5db71d9cf67f5f88f04
                                                                                    • Instruction Fuzzy Hash: 4F217F70902305FBDF119F6CEC087EA3BB9BB11356F50465AF511A71A0DBB05892CBA4
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: _memcmp
                                                                                    • String ID:
                                                                                    • API String ID: 2931989736-0
                                                                                    • Opcode ID: 377e10da8d06425eafaeddf0fa78b9be2ce0be3a80790b6c427b05b3fb55d81e
                                                                                    • Instruction ID: a11453c039b6fbb4b989f382362dada0e7f7fd78b213e447bcc2e93a89c2377d
                                                                                    • Opcode Fuzzy Hash: 377e10da8d06425eafaeddf0fa78b9be2ce0be3a80790b6c427b05b3fb55d81e
                                                                                    • Instruction Fuzzy Hash: 88019671A45645FA96089622AE52FFB739CDB21398F404420FD04AF281F761ED60C2F0
                                                                                    APIs
                                                                                    • GetSysColor.USER32(00000008), ref: 00A998CC
                                                                                    • SetTextColor.GDI32(?,?), ref: 00A998D6
                                                                                    • SetBkMode.GDI32(?,00000001), ref: 00A998E9
                                                                                    • GetStockObject.GDI32(00000005), ref: 00A998F1
                                                                                    • GetWindowLongW.USER32(?,000000EB), ref: 00A99952
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: Color$LongModeObjectStockTextWindow
                                                                                    • String ID:
                                                                                    • API String ID: 1860813098-0
                                                                                    • Opcode ID: 6358800a50537e99923de9cfcb0af1dfaf62842f354182060d461b4106a7d4ea
                                                                                    • Instruction ID: 11c7452de585697ac1dca59cbe677ca6e47f5e589b730769b18a0f3ec656a5cf
                                                                                    • Opcode Fuzzy Hash: 6358800a50537e99923de9cfcb0af1dfaf62842f354182060d461b4106a7d4ea
                                                                                    • Instruction Fuzzy Hash: 79110632286250BFCF224F69EC59AEA3FA4EB13321B08815DF5929B1B1DA310851CB51
                                                                                    APIs
                                                                                    • GetLastError.KERNEL32(?,?,?,00AAF2DE,00AB3863,00B51444,?,00A9FDF5,?,?,00A8A976,00000010,00B51440,00A813FC,?,00A813C6), ref: 00AB2DFD
                                                                                    • _free.LIBCMT ref: 00AB2E32
                                                                                    • _free.LIBCMT ref: 00AB2E59
                                                                                    • SetLastError.KERNEL32(00000000,00A81129), ref: 00AB2E66
                                                                                    • SetLastError.KERNEL32(00000000,00A81129), ref: 00AB2E6F
                                                                                    Similarity
                                                                                    • API ID: ErrorLast$_free
                                                                                    • String ID:
                                                                                    • API String ID: 3170660625-0
                                                                                    • Opcode ID: 787991e857f8ca1b2660bc6d28eaaea9e216a3864a12fa37e449647718f08da9
                                                                                    • Instruction ID: 35894d302398b84493de645329ef39f3fd855a18afdc696d5bf4970ff4919902
                                                                                    • Opcode Fuzzy Hash: 787991e857f8ca1b2660bc6d28eaaea9e216a3864a12fa37e449647718f08da9
                                                                                    • Instruction Fuzzy Hash: 3F01F4362456006BCA1327366D45FEB2E7DBBD67A1B24442AF825A31D3EE34CC014320
                                                                                    APIs
                                                                                    • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00ADFF41,80070057,?,?,?,00AE035E), ref: 00AE002B
                                                                                    • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00ADFF41,80070057,?,?), ref: 00AE0046
                                                                                    • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00ADFF41,80070057,?,?), ref: 00AE0054
                                                                                    • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00ADFF41,80070057,?), ref: 00AE0064
                                                                                    • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00ADFF41,80070057,?,?), ref: 00AE0070
                                                                                    Similarity
                                                                                    • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                    • String ID:
                                                                                    • API String ID: 3897988419-0
                                                                                    • Opcode ID: 0d11e1540472c3dd245ccb32b05ac71a8fbee63e164217a040798684927339b7
                                                                                    • Instruction ID: f20db1bef8667e29c516852707c903b8e5389cbb580180434945a47bf55ecc38
                                                                                    • Opcode Fuzzy Hash: 0d11e1540472c3dd245ccb32b05ac71a8fbee63e164217a040798684927339b7
                                                                                    • Instruction Fuzzy Hash: 6C018B72640204BFDB109F6AEC44FAA7EADEB44792F148124F905D3210EBB1DD808BA0
                                                                                    APIs
                                                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 00AEE997
                                                                                    • QueryPerformanceFrequency.KERNEL32(?), ref: 00AEE9A5
                                                                                    • Sleep.KERNEL32(00000000), ref: 00AEE9AD
                                                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 00AEE9B7
                                                                                    • Sleep.KERNEL32 ref: 00AEE9F3
                                                                                    Similarity
                                                                                    • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                    • String ID:
                                                                                    • API String ID: 2833360925-0
                                                                                    • Opcode ID: c6bb8ba3378e481de85ac1c9ac6fb43325b1935ed0103866f977cf493c5576e4
                                                                                    • Instruction ID: 9978ca1550389634ed1fad4e8d9a2865eb5022575d19cfd641aa41f5d464bff0
                                                                                    • Opcode Fuzzy Hash: c6bb8ba3378e481de85ac1c9ac6fb43325b1935ed0103866f977cf493c5576e4
                                                                                    • Instruction Fuzzy Hash: 8B015731C41629EBCF00EBE6DC49AEDFBB8FB08700F404546E502B2242CF309660CBA1
                                                                                    APIs
                                                                                    • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00AE1114
                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,00AE0B9B,?,?,?), ref: 00AE1120
                                                                                    • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00AE0B9B,?,?,?), ref: 00AE112F
                                                                                    • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00AE0B9B,?,?,?), ref: 00AE1136
                                                                                    • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00AE114D
                                                                                    Similarity
                                                                                    • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                    • String ID:
                                                                                    • API String ID: 842720411-0
                                                                                    • Opcode ID: 3147ee3ac9c5c2bd7422c81bc6e132186575f61bd5756130fcd68f37b67b3ff5
                                                                                    • Instruction ID: 2bbc37d7a0953b9ec9a16f757ebf9183139287088e0b232f8f45a324179e90bd
                                                                                    • Opcode Fuzzy Hash: 3147ee3ac9c5c2bd7422c81bc6e132186575f61bd5756130fcd68f37b67b3ff5
                                                                                    • Instruction Fuzzy Hash: 88018C79240315BFDB125FA5DC49EAA3F6EEF8A3A4B608418FA41D3360DF71DC108A60
                                                                                    APIs
                                                                                    • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00AE0FCA
                                                                                    • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00AE0FD6
                                                                                    • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00AE0FE5
                                                                                    • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00AE0FEC
                                                                                    • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00AE1002
                                                                                    Similarity
                                                                                    • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                    • String ID:
                                                                                    • API String ID: 44706859-0
                                                                                    • Opcode ID: b64adef362e4bab5f3eaab3a91ced02045238b115df6a276cce20604c8ea956a
                                                                                    • Instruction ID: 0599f8858e6bd5347f3068577427488947c367306394a18f483f199cae4ca098
                                                                                    • Opcode Fuzzy Hash: b64adef362e4bab5f3eaab3a91ced02045238b115df6a276cce20604c8ea956a
                                                                                    • Instruction Fuzzy Hash: D6F04F39180351BBD7214FA59C4DF963F6EEF89761F518414FA46D7291CE70DC508A60
                                                                                    APIs
                                                                                    • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00AE102A
                                                                                    • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00AE1036
                                                                                    • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00AE1045
                                                                                    • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00AE104C
                                                                                    • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00AE1062
                                                                                    Similarity
                                                                                    • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                    • String ID:
                                                                                    • API String ID: 44706859-0
                                                                                    • Opcode ID: 4aeb1997a1a636d2aff7b484af1c9da893cedb78fa7d61cc77091d96370af5f9
                                                                                    • Instruction ID: 564541ce1ac2ac51411ab834aa1f08228160ff6cabc7d4de2e99bc39917d3ad9
                                                                                    • Opcode Fuzzy Hash: 4aeb1997a1a636d2aff7b484af1c9da893cedb78fa7d61cc77091d96370af5f9
                                                                                    • Instruction Fuzzy Hash: 74F0CD39280311FBDB211FA5EC4CF963FAEEF89761FA14424FA05D7250CE30D8408A60
                                                                                    APIs
                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00AF017D,?,00AF32FC,?,00000001,00AC2592,?), ref: 00AF0324
                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00AF017D,?,00AF32FC,?,00000001,00AC2592,?), ref: 00AF0331
                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00AF017D,?,00AF32FC,?,00000001,00AC2592,?), ref: 00AF033E
                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00AF017D,?,00AF32FC,?,00000001,00AC2592,?), ref: 00AF034B
                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00AF017D,?,00AF32FC,?,00000001,00AC2592,?), ref: 00AF0358
                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00AF017D,?,00AF32FC,?,00000001,00AC2592,?), ref: 00AF0365
                                                                                    Similarity
                                                                                    • API ID: CloseHandle
                                                                                    • String ID:
                                                                                    • API String ID: 2962429428-0
                                                                                    • Opcode ID: d9593229e84e15a2f6edf8c374911def4f3f5a89c2381d8640e0f97a7bda893b
                                                                                    • Instruction ID: f3962c675dcbc38231aef31e14269b8b59f208155ebec106a536f0771987399d
                                                                                    • Opcode Fuzzy Hash: d9593229e84e15a2f6edf8c374911def4f3f5a89c2381d8640e0f97a7bda893b
                                                                                    • Instruction Fuzzy Hash: 5A01A272800B199FC7309FA6D880822FBF5BF503153158A3FE29652932C771A954CF80
                                                                                    APIs
                                                                                    • _free.LIBCMT ref: 00ABD752
                                                                                      • Part of subcall function 00AB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000), ref: 00AB29DE
                                                                                      • Part of subcall function 00AB29C8: GetLastError.KERNEL32(00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000,00000000), ref: 00AB29F0
                                                                                    • _free.LIBCMT ref: 00ABD764
                                                                                    • _free.LIBCMT ref: 00ABD776
                                                                                    • _free.LIBCMT ref: 00ABD788
                                                                                    • _free.LIBCMT ref: 00ABD79A
                                                                                    Similarity
                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                    • String ID:
                                                                                    • API String ID: 776569668-0
                                                                                    • Opcode ID: 18c80108d629e7fe1d5309067675945611ef12208ee26f28c49dbf5c0bbc2e88
                                                                                    • Instruction ID: 20f656032480a47cf80a2ef982af7c4d2efd118698702652951830a41b47ff0f
                                                                                    • Opcode Fuzzy Hash: 18c80108d629e7fe1d5309067675945611ef12208ee26f28c49dbf5c0bbc2e88
                                                                                    • Instruction Fuzzy Hash: 86F0F936545208BB8665EB68FAC6DDA7BDDBB85B10BA40C06F048E7503DF20FC808B64
                                                                                    APIs
                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 00AE5C58
                                                                                    • GetWindowTextW.USER32(00000000,?,00000100), ref: 00AE5C6F
                                                                                    • MessageBeep.USER32(00000000), ref: 00AE5C87
                                                                                    • KillTimer.USER32(?,0000040A), ref: 00AE5CA3
                                                                                    • EndDialog.USER32(?,00000001), ref: 00AE5CBD
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                    • String ID:
                                                                                    • API String ID: 3741023627-0
                                                                                    • Opcode ID: 3be428d2854df06d5dda760e51af0f9d5f936e609a7603b1b762336383a5293e
                                                                                    • Instruction ID: 35eb5401d913a36790158649032d779e4bf98ea1cbba9c16deb413e846fb6748
                                                                                    • Opcode Fuzzy Hash: 3be428d2854df06d5dda760e51af0f9d5f936e609a7603b1b762336383a5293e
                                                                                    • Instruction Fuzzy Hash: 1D018630940B44ABEB245B21ED5EFE67BB8BF44B09F505559A583A20E1DBF0A984CB90
                                                                                    APIs
                                                                                    • _free.LIBCMT ref: 00AB22BE
                                                                                      • Part of subcall function 00AB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000), ref: 00AB29DE
                                                                                      • Part of subcall function 00AB29C8: GetLastError.KERNEL32(00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000,00000000), ref: 00AB29F0
                                                                                    • _free.LIBCMT ref: 00AB22D0
                                                                                    • _free.LIBCMT ref: 00AB22E3
                                                                                    • _free.LIBCMT ref: 00AB22F4
                                                                                    • _free.LIBCMT ref: 00AB2305
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                    • String ID:
                                                                                    • API String ID: 776569668-0
                                                                                    • Opcode ID: 8ff7de0e92afed6589cb73576f91dd91daa362b7576854a7c87f63cb4a56c767
                                                                                    • Instruction ID: b7c7aaae89790982571653bfa834a917163902f45d34f81bec36f163914356ea
                                                                                    • Opcode Fuzzy Hash: 8ff7de0e92afed6589cb73576f91dd91daa362b7576854a7c87f63cb4a56c767
                                                                                    • Instruction Fuzzy Hash: F3F0D075411310AB8652BF58BD01B983F69B76DB52B050E87F418D7272CF310551ABA5
                                                                                    APIs
                                                                                    • EndPath.GDI32(?), ref: 00A995D4
                                                                                    • StrokeAndFillPath.GDI32(?,?,00AD71F7,00000000,?,?,?), ref: 00A995F0
                                                                                    • SelectObject.GDI32(?,00000000), ref: 00A99603
                                                                                    • DeleteObject.GDI32 ref: 00A99616
                                                                                    • StrokePath.GDI32(?), ref: 00A99631
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                    • String ID:
                                                                                    • API String ID: 2625713937-0
                                                                                    • Opcode ID: de202c6e1d781feaa2e184da267d79593bac477b83590b1b0779b204224063ee
                                                                                    • Instruction ID: b5e9c7c09017a837f53f73ce343db84a60272f37f7cd810b4bb4348146307445
                                                                                    • Opcode Fuzzy Hash: de202c6e1d781feaa2e184da267d79593bac477b83590b1b0779b204224063ee
                                                                                    • Instruction Fuzzy Hash: 91F0F630145304EBDB125F6DED1C7AA3FA1AB05322F448658E565960F1CF3089A6DF64
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: __freea$_free
                                                                                    • String ID: a/p$am/pm
                                                                                    • API String ID: 3432400110-3206640213
                                                                                    • Opcode ID: 7bf1b06f2f6966e2bc6ed0fab9c062e2b45689bd28c5047deb3cca05287d77cf
                                                                                    • Instruction ID: e4034135509b6f9786048d5b00188adbf8412ca66a444d5ddcace7d1e96a6233
                                                                                    • Opcode Fuzzy Hash: 7bf1b06f2f6966e2bc6ed0fab9c062e2b45689bd28c5047deb3cca05287d77cf
                                                                                    • Instruction Fuzzy Hash: A2D1E431900205DADB649F68C865BFEB7F9FF05300FA84269E5019F653E7759D80CB91
                                                                                    APIs
                                                                                      • Part of subcall function 00AA0242: EnterCriticalSection.KERNEL32(00B5070C,00B51884,?,?,00A9198B,00B52518,?,?,?,00A812F9,00000000), ref: 00AA024D
                                                                                      • Part of subcall function 00AA0242: LeaveCriticalSection.KERNEL32(00B5070C,?,00A9198B,00B52518,?,?,?,00A812F9,00000000), ref: 00AA028A
                                                                                      • Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD
                                                                                      • Part of subcall function 00AA00A3: __onexit.LIBCMT ref: 00AA00A9
                                                                                    • __Init_thread_footer.LIBCMT ref: 00B07BFB
                                                                                      • Part of subcall function 00AA01F8: EnterCriticalSection.KERNEL32(00B5070C,?,?,00A98747,00B52514), ref: 00AA0202
                                                                                      • Part of subcall function 00AA01F8: LeaveCriticalSection.KERNEL32(00B5070C,?,00A98747,00B52514), ref: 00AA0235
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                    • String ID: 5$G$Variable must be of type 'Object'.
                                                                                    • API String ID: 535116098-3733170431
                                                                                    • Opcode ID: eb48f6fce9b8bd3060bc194370ada999d1af22eeb61c940944ddefbd941fa960
                                                                                    • Instruction ID: 1bc5020ea696218fdb24db6883e53b68234fb66ecc0808c30185cabd7b6b1ea4
                                                                                    • Opcode Fuzzy Hash: eb48f6fce9b8bd3060bc194370ada999d1af22eeb61c940944ddefbd941fa960
                                                                                    • Instruction Fuzzy Hash: B1919BB0A44209AFDB14EF94D9909AEBBF1FF45300F148199F8069B291DB71AE45CB91
                                                                                    APIs
                                                                                      • Part of subcall function 00AEB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00AE21D0,?,?,00000034,00000800,?,00000034), ref: 00AEB42D
                                                                                    • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00AE2760
                                                                                      • Part of subcall function 00AEB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00AE21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00AEB3F8
                                                                                      • Part of subcall function 00AEB32A: GetWindowThreadProcessId.USER32(?,?), ref: 00AEB355
                                                                                      • Part of subcall function 00AEB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00AE2194,00000034,?,?,00001004,00000000,00000000), ref: 00AEB365
                                                                                      • Part of subcall function 00AEB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00AE2194,00000034,?,?,00001004,00000000,00000000), ref: 00AEB37B
                                                                                    • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00AE27CD
                                                                                    • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00AE281A
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                    • String ID: @
                                                                                    • API String ID: 4150878124-2766056989
                                                                                    • Opcode ID: ca7d2252fdd29c0735d04e8f9d1d248e7a5134b1c29d3a57dd5e633ce5d09dc6
                                                                                    • Instruction ID: 5bf0e9eeb71c61454d5ed0347c20b5523b7bc21362d68c2290c67235c525883f
                                                                                    • Opcode Fuzzy Hash: ca7d2252fdd29c0735d04e8f9d1d248e7a5134b1c29d3a57dd5e633ce5d09dc6
                                                                                    • Instruction Fuzzy Hash: 92412C72900218AFDB10DFA5CD46BEEBBB8EF09700F108095FA55B7181DB706E45CBA1
                                                                                    APIs
                                                                                    • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00AB1769
                                                                                    • _free.LIBCMT ref: 00AB1834
                                                                                    • _free.LIBCMT ref: 00AB183E
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: _free$FileModuleName
                                                                                    • String ID: C:\Users\user\Desktop\file.exe
                                                                                    • API String ID: 2506810119-517116171
                                                                                    • Opcode ID: 1afdc9d994c085854c8444e96d12148a2686b6ed4991b84952c65adf0598e0db
                                                                                    • Instruction ID: 572627929f8a7f4d4da0b61099c63c3f7207513984cc4ba181db879b6bd95fc2
                                                                                    • Opcode Fuzzy Hash: 1afdc9d994c085854c8444e96d12148a2686b6ed4991b84952c65adf0598e0db
                                                                                    • Instruction Fuzzy Hash: 1E316D71A40258AFDB21DF999995EDEBBFCEB85310F9441A6F804D7212DA708E80CB90
                                                                                    APIs
                                                                                    • GetMenuItemInfoW.USER32(00000004,?,00000000,?), ref: 00AEC306
                                                                                    • DeleteMenu.USER32(?,00000007,00000000), ref: 00AEC34C
                                                                                    • DeleteMenu.USER32(?,?,00000000,?,00000000,00000000,00B51990,00FE77C0), ref: 00AEC395
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: Menu$Delete$InfoItem
                                                                                    • String ID: 0
                                                                                    • API String ID: 135850232-4108050209
                                                                                    • Opcode ID: dbc3dc96af4dcaab8a7965aa3b344d003ae26940c094baaab35a6797f5c856cc
                                                                                    • Instruction ID: a77b9f7111cf031f37d61865d5dfa5127be0c1312d5f41c4037338b5286eb6b5
                                                                                    • Opcode Fuzzy Hash: dbc3dc96af4dcaab8a7965aa3b344d003ae26940c094baaab35a6797f5c856cc
                                                                                    • Instruction Fuzzy Hash: 6B4191712043829FD724DF26D885F5AFBE8AF85320F14861DF9A59B2D2D730E905CB62
                                                                                    APIs
                                                                                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00B1CC08,00000000,?,?,?,?), ref: 00B144AA
                                                                                    • GetWindowLongW.USER32 ref: 00B144C7
                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00B144D7
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: Window$Long
                                                                                    • String ID: SysTreeView32
                                                                                    • API String ID: 847901565-1698111956
                                                                                    APIs
                                                                                      • Part of subcall function 00B0335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00B03077,?,?), ref: 00B03378
                                                                                    • inet_addr.WSOCK32(?), ref: 00B0307A
                                                                                    • _wcslen.LIBCMT ref: 00B0309B
                                                                                    • htons.WSOCK32(00000000), ref: 00B03106
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                    • String ID: 255.255.255.255
                                                                                    • API String ID: 946324512-2422070025
                                                                                    APIs
                                                                                    • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00B13F40
                                                                                    • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00B13F54
                                                                                    • SendMessageW.USER32(?,00001002,00000000,?), ref: 00B13F78
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: MessageSend$Window
                                                                                    • String ID: SysMonthCal32
                                                                                    • API String ID: 2326795674-1439706946
                                                                                    APIs
                                                                                    • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00B14705
                                                                                    • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00B14713
                                                                                    • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00B1471A
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: MessageSend$DestroyWindow
                                                                                    • String ID: msctls_updown32
                                                                                    • API String ID: 4014797782-2298589950
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: _wcslen
                                                                                    • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                    • API String ID: 176396367-2734436370
                                                                                    APIs
                                                                                    • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00B13840
                                                                                    • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00B13850
                                                                                    • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00B13876
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: MessageSend$MoveWindow
                                                                                    • String ID: Listbox
                                                                                    • API String ID: 3315199576-2633736733
                                                                                    APIs
                                                                                    • SetErrorMode.KERNEL32(00000001), ref: 00AF4A08
                                                                                    • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00AF4A5C
                                                                                    • SetErrorMode.KERNEL32(00000000,?,?,00B1CC08), ref: 00AF4AD0
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: ErrorMode$InformationVolume
                                                                                    • String ID: %lu
                                                                                    • API String ID: 2507767853-685833217
                                                                                    APIs
                                                                                    • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00B1424F
                                                                                    • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00B14264
                                                                                    • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00B14271
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: MessageSend
                                                                                    • String ID: msctls_trackbar32
                                                                                    • API String ID: 3850602802-1010561917
                                                                                    APIs
                                                                                      • Part of subcall function 00A86B57: _wcslen.LIBCMT ref: 00A86B6A
                                                                                      • Part of subcall function 00AE2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00AE2DC5
                                                                                      • Part of subcall function 00AE2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00AE2DD6
                                                                                      • Part of subcall function 00AE2DA7: GetCurrentThreadId.KERNEL32 ref: 00AE2DDD
                                                                                      • Part of subcall function 00AE2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00AE2DE4
                                                                                    • GetFocus.USER32 ref: 00AE2F78
                                                                                      • Part of subcall function 00AE2DEE: GetParent.USER32(00000000), ref: 00AE2DF9
                                                                                    • GetClassNameW.USER32(?,?,00000100), ref: 00AE2FC3
                                                                                    • EnumChildWindows.USER32(?,00AE303B), ref: 00AE2FEB
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                    • String ID: %s%d
                                                                                    • API String ID: 1272988791-1110647743
                                                                                    APIs
                                                                                    • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00B158C1
                                                                                    • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00B158EE
                                                                                    • DrawMenuBar.USER32(?), ref: 00B158FD
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: Menu$InfoItem$Draw
                                                                                    • String ID: 0
                                                                                    • API String ID: 3227129158-4108050209
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Similarity
                                                                                    • API ID: __alldvrm$_strrchr
                                                                                    • String ID:
                                                                                    • API String ID: 1036877536-0
                                                                                    Similarity
                                                                                    • API ID: Variant$ClearInitInitializeUninitialize
                                                                                    • String ID:
                                                                                    • API String ID: 1998397398-0
                                                                                    APIs
                                                                                    • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00B1FC08,?), ref: 00AE05F0
                                                                                    • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00B1FC08,?), ref: 00AE0608
                                                                                    • CLSIDFromProgID.OLE32(?,?,00000000,00B1CC40,000000FF,?,00000000,00000800,00000000,?,00B1FC08,?), ref: 00AE062D
                                                                                    • _memcmp.LIBVCRUNTIME ref: 00AE064E
                                                                                    Similarity
                                                                                    • API ID: FromProg$FreeTask_memcmp
                                                                                    • String ID:
                                                                                    • API String ID: 314563124-0
                                                                                    APIs
                                                                                    • CreateToolhelp32Snapshot.KERNEL32 ref: 00B0A6AC
                                                                                    • Process32FirstW.KERNEL32(00000000,?), ref: 00B0A6BA
                                                                                      • Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD
                                                                                    • Process32NextW.KERNEL32(00000000,?), ref: 00B0A79C
                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00B0A7AB
                                                                                      • Part of subcall function 00A9CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00AC3303,?), ref: 00A9CE8A
                                                                                    Similarity
                                                                                    • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                    • String ID:
                                                                                    • API String ID: 1991900642-0
                                                                                    Similarity
                                                                                    • API ID: _free
                                                                                    • String ID:
                                                                                    • API String ID: 269201875-0
                                                                                    APIs
                                                                                    • GetWindowRect.USER32(?,?), ref: 00B162E2
                                                                                    • ScreenToClient.USER32(?,?), ref: 00B16315
                                                                                    • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00B16382
                                                                                    Similarity
                                                                                    • API ID: Window$ClientMoveRectScreen
                                                                                    • String ID:
                                                                                    • API String ID: 3880355969-0
                                                                                    APIs
                                                                                    • socket.WSOCK32(00000002,00000002,00000011), ref: 00B01AFD
                                                                                    • WSAGetLastError.WSOCK32 ref: 00B01B0B
                                                                                    • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00B01B8A
                                                                                    • WSAGetLastError.WSOCK32 ref: 00B01B94
                                                                                    Similarity
                                                                                    • API ID: ErrorLast$socket
                                                                                    • String ID:
                                                                                    • API String ID: 1881357543-0
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    APIs
                                                                                    • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00AF5783
                                                                                    • GetLastError.KERNEL32(?,00000000), ref: 00AF57A9
                                                                                    • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00AF57CE
                                                                                    • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00AF57FA
                                                                                    Similarity
                                                                                    • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                    • String ID:
                                                                                    • API String ID: 3321077145-0
                                                                                    APIs
                                                                                    • MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00AA6D71,00000000,00000000,00AA82D9,?,00AA82D9,?,00000001,00AA6D71,8BE85006,00000001,00AA82D9,00AA82D9), ref: 00ABD910
                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00ABD999
                                                                                    • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00ABD9AB
                                                                                    • __freea.LIBCMT ref: 00ABD9B4
                                                                                      • Part of subcall function 00AB3820: RtlAllocateHeap.NTDLL(00000000,?,00B51444,?,00A9FDF5,?,?,00A8A976,00000010,00B51440,00A813FC,?,00A813C6,?,00A81129), ref: 00AB3852
                                                                                    Similarity
                                                                                    • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                    • String ID:
                                                                                    • API String ID: 2652629310-0
                                                                                    • Opcode ID: a6b8f3ed7c547935e78faf7eb58da2931c04f026c1305df016a9ca446ab76c4c
                                                                                    • Instruction ID: 848f9a95a4ee5198f7e16b12227cef35be603173b7e6d5f7dd8701b95e046ff2
                                                                                    • Opcode Fuzzy Hash: a6b8f3ed7c547935e78faf7eb58da2931c04f026c1305df016a9ca446ab76c4c
                                                                                    • Instruction Fuzzy Hash: 9431BC72A0020AABDF249F64DC41EEE7BA9EB41710F154268FC04D7292EB36CD50CBA0
                                                                                    APIs
                                                                                    • SendMessageW.USER32(?,00001024,00000000,?), ref: 00B15352
                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00B15375
                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00B15382
                                                                                    • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00B153A8
                                                                                    Similarity
                                                                                    • API ID: LongWindow$InvalidateMessageRectSend
                                                                                    • String ID:
                                                                                    • API String ID: 3340791633-0
                                                                                    • Opcode ID: f638550ef3d39fe2c2482048902e994f99ccdd7937ce8c8e5a5f5ce4fd2b213a
                                                                                    • Instruction ID: 30447c887dbc950920c002c5c8517420af647d544b993bb995aa25595780482d
                                                                                    • Opcode Fuzzy Hash: f638550ef3d39fe2c2482048902e994f99ccdd7937ce8c8e5a5f5ce4fd2b213a
                                                                                    • Instruction Fuzzy Hash: 4231C634A55A0CEFEB349E14EC45BE837E5EB85390FD44182FA22971E1C7B09DC0AB49
                                                                                    APIs
                                                                                    • GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 00AEABF1
                                                                                    • SetKeyboardState.USER32(00000080,?,00008000), ref: 00AEAC0D
                                                                                    • PostMessageW.USER32(00000000,00000101,00000000), ref: 00AEAC74
                                                                                    • SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 00AEACC6
                                                                                    Similarity
                                                                                    • API ID: KeyboardState$InputMessagePostSend
                                                                                    • String ID:
                                                                                    • API String ID: 432972143-0
                                                                                    • Opcode ID: 074fd6b7ecff42f864e17cb8d1103f05cac38f80aa425a1294c9049b23548b94
                                                                                    • Instruction ID: 431399e90c4e3fc0ba18830e5eed54065d647db6c11c810a0098c6bbef7faf5b
                                                                                    • Opcode Fuzzy Hash: 074fd6b7ecff42f864e17cb8d1103f05cac38f80aa425a1294c9049b23548b94
                                                                                    • Instruction Fuzzy Hash: 02310730A407986FEF35CBA68C057FE7BB5ABE9310F28831AE485931D1C375A9858753
                                                                                    APIs
                                                                                    • ClientToScreen.USER32(?,?), ref: 00B1769A
                                                                                    • GetWindowRect.USER32(?,?), ref: 00B17710
                                                                                    • PtInRect.USER32(?,?,00B18B89), ref: 00B17720
                                                                                    • MessageBeep.USER32(00000000), ref: 00B1778C
                                                                                    Similarity
                                                                                    • API ID: Rect$BeepClientMessageScreenWindow
                                                                                    • String ID:
                                                                                    • API String ID: 1352109105-0
                                                                                    • Opcode ID: f4c277ba797cd8294015431adffaa5d04caf088dde41e56f9630dbf087cb9ef1
                                                                                    • Instruction ID: aa768605f9d3ace40fb2d1a48a6e977063e0f39faef666e6a8a9304286d65367
                                                                                    • Opcode Fuzzy Hash: f4c277ba797cd8294015431adffaa5d04caf088dde41e56f9630dbf087cb9ef1
                                                                                    • Instruction Fuzzy Hash: 00415C74645214DFCB12CF58C894FE9BBF5FB49315F9581E8E4249B2A1CB30AD82CB90
                                                                                    APIs
                                                                                    • GetForegroundWindow.USER32 ref: 00B116EB
                                                                                      • Part of subcall function 00AE3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00AE3A57
                                                                                      • Part of subcall function 00AE3A3D: GetCurrentThreadId.KERNEL32 ref: 00AE3A5E
                                                                                      • Part of subcall function 00AE3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00AE25B3), ref: 00AE3A65
                                                                                    • GetCaretPos.USER32(?), ref: 00B116FF
                                                                                    • ClientToScreen.USER32(00000000,?), ref: 00B1174C
                                                                                    • GetForegroundWindow.USER32 ref: 00B11752
                                                                                    Similarity
                                                                                    • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                    • String ID:
                                                                                    • API String ID: 2759813231-0
                                                                                    • Opcode ID: 22d285651f354046bb8acbee78ee73d68763d9f413df2702cf9bfd5f418500ee
                                                                                    • Instruction ID: fe2998b1408d215ccf8b39ec7f13314db4f6090f6b29ad75e9ec2570412a37b4
                                                                                    • Opcode Fuzzy Hash: 22d285651f354046bb8acbee78ee73d68763d9f413df2702cf9bfd5f418500ee
                                                                                    • Instruction Fuzzy Hash: 95314FB1D00249AFDB00EFA9C985CEEBBF9EF48304B5080A9E515E7251DB31DE45CBA1
                                                                                    APIs
                                                                                      • Part of subcall function 00A87620: _wcslen.LIBCMT ref: 00A87625
                                                                                    • _wcslen.LIBCMT ref: 00AEDFCB
                                                                                    • _wcslen.LIBCMT ref: 00AEDFE2
                                                                                    • _wcslen.LIBCMT ref: 00AEE00D
                                                                                    • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00AEE018
                                                                                    Similarity
                                                                                    • API ID: _wcslen$ExtentPoint32Text
                                                                                    • String ID:
                                                                                    • API String ID: 3763101759-0
                                                                                    • Opcode ID: dfd506b0dcd3be2c0c7e77d2b5bb1f8258eae40c4032153902a22dc34b452f59
                                                                                    • Instruction ID: 1aa2b32dcfb2eb96864cf138d7928c7be2ba0669b1b2f5e431d9c60f125b631c
                                                                                    • Opcode Fuzzy Hash: dfd506b0dcd3be2c0c7e77d2b5bb1f8258eae40c4032153902a22dc34b452f59
                                                                                    • Instruction Fuzzy Hash: DC219571940214EFCB10EFA9DA81BAEB7F8EF8A750F144065F805BB285D7709E41CBA1
                                                                                    APIs
                                                                                      • Part of subcall function 00A99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A99BB2
                                                                                    • GetCursorPos.USER32(?), ref: 00B19001
                                                                                    • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00AD7711,?,?,?,?,?), ref: 00B19016
                                                                                    • GetCursorPos.USER32(?), ref: 00B1905E
                                                                                    • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00AD7711,?,?,?), ref: 00B19094
                                                                                    Similarity
                                                                                    • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                    • String ID:
                                                                                    • API String ID: 2864067406-0
                                                                                    • Opcode ID: 1c71b671e93c4cef063449697ea06dc9a3c663114ca004df00f61f9d368b4790
                                                                                    • Instruction ID: 8257312b48e8a22c385b67a91147fa22e0e1ec8f93ae8f1f205b40177bbca1cd
                                                                                    • Opcode Fuzzy Hash: 1c71b671e93c4cef063449697ea06dc9a3c663114ca004df00f61f9d368b4790
                                                                                    • Instruction Fuzzy Hash: 5D219F35600158EFCB25CF98CC69FEA7BF9EB49361F9440A9F90547261C7319D90DB60
                                                                                    APIs
                                                                                    • GetFileAttributesW.KERNEL32(?,00B1CB68), ref: 00AED2FB
                                                                                    • GetLastError.KERNEL32 ref: 00AED30A
                                                                                    • CreateDirectoryW.KERNEL32(?,00000000), ref: 00AED319
                                                                                    • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00B1CB68), ref: 00AED376
                                                                                    Similarity
                                                                                    • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                    • String ID:
                                                                                    • API String ID: 2267087916-0
                                                                                    • Opcode ID: a8e85f408d67f3f42803662d087c0a040f2c94f90ceba1a413b198f01a7f5cff
                                                                                    • Instruction ID: a286d5f5618841d99346c8e3eaea8ebcf66f8391cbca1c610bd319b7fd01a2b5
                                                                                    • Opcode Fuzzy Hash: a8e85f408d67f3f42803662d087c0a040f2c94f90ceba1a413b198f01a7f5cff
                                                                                    • Instruction Fuzzy Hash: 2321B2745083429F8710EF29C9818AFBBE4EE5A324F504A1DF499DB2E1DB30D945CB93
                                                                                    APIs
                                                                                      • Part of subcall function 00AE1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00AE102A
                                                                                      • Part of subcall function 00AE1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00AE1036
                                                                                      • Part of subcall function 00AE1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00AE1045
                                                                                      • Part of subcall function 00AE1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00AE104C
                                                                                      • Part of subcall function 00AE1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00AE1062
                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00AE15BE
                                                                                    • _memcmp.LIBVCRUNTIME ref: 00AE15E1
                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00AE1617
                                                                                    • HeapFree.KERNEL32(00000000), ref: 00AE161E
                                                                                    Similarity
                                                                                    • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                    • String ID:
                                                                                    • API String ID: 1592001646-0
                                                                                    • Opcode ID: e90cc562b945d52d2a1a2918d5caaf9c93c5eeaf7263fb0cf13c2d95be007bd5
                                                                                    • Instruction ID: b41f2110c9f47ef8485a03d9e48d6862dbb7cbffffe2ca4195aa633f5abc11f6
                                                                                    • Opcode Fuzzy Hash: e90cc562b945d52d2a1a2918d5caaf9c93c5eeaf7263fb0cf13c2d95be007bd5
                                                                                    • Instruction Fuzzy Hash: 27218E71E40219EFDF10DFA6C949BEEB7B8EF44354F188459E445AB241E731AE05CBA0
                                                                                    APIs
                                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 00B1280A
                                                                                    • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00B12824
                                                                                    • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00B12832
                                                                                    • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00B12840
                                                                                    Similarity
                                                                                    • API ID: Window$Long$AttributesLayered
                                                                                    • String ID:
                                                                                    • API String ID: 2169480361-0
                                                                                    • Opcode ID: a524b54fafd34917a48c273c64e0ae8d91d1c79e51bfc464c60b3578671c933e
                                                                                    • Instruction ID: e96ddc2b66a01df7f8c6ff5e9b9c1bee5d8285b886ab23315a6a812cd68f065d
                                                                                    • Opcode Fuzzy Hash: a524b54fafd34917a48c273c64e0ae8d91d1c79e51bfc464c60b3578671c933e
                                                                                    • Instruction Fuzzy Hash: CA21B031205511AFD7149B24D845FEA7B96EF86324F548198F826CB6E2CB71FC92CBD0
                                                                                    APIs
                                                                                      • Part of subcall function 00AE8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00AE790A,?,000000FF,?,00AE8754,00000000,?,0000001C,?,?), ref: 00AE8D8C
                                                                                      • Part of subcall function 00AE8D7D: lstrcpyW.KERNEL32(00000000,?), ref: 00AE8DB2
                                                                                      • Part of subcall function 00AE8D7D: lstrcmpiW.KERNEL32(00000000,?,00AE790A,?,000000FF,?,00AE8754,00000000,?,0000001C,?,?), ref: 00AE8DE3
                                                                                    • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00AE8754,00000000,?,0000001C,?,?,00000000), ref: 00AE7923
                                                                                    • lstrcpyW.KERNEL32(00000000,?), ref: 00AE7949
                                                                                    • lstrcmpiW.KERNEL32(00000002,cdecl,?,00AE8754,00000000,?,0000001C,?,?,00000000), ref: 00AE7984
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: lstrcmpilstrcpylstrlen
                                                                                    • String ID: cdecl
                                                                                    • API String ID: 4031866154-3896280584
                                                                                    • Opcode ID: 5545d238ccf888546d2f65e8498804883d408b5666ab50dd86d7c5c39ccbb1bb
                                                                                    • Instruction ID: 7aa42df7300fdfca5fdd56fbf71b466edbc2bf60f84d5fec1028422d81d58ff4
                                                                                    • Opcode Fuzzy Hash: 5545d238ccf888546d2f65e8498804883d408b5666ab50dd86d7c5c39ccbb1bb
                                                                                    • Instruction Fuzzy Hash: 8611D33A200382AFCB159F36DC45E7A77E9FF85750B50802AF946C72A5EF319811D7A1
                                                                                    APIs
                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00B17D0B
                                                                                    • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00B17D2A
                                                                                    • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00B17D42
                                                                                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00AFB7AD,00000000), ref: 00B17D6B
                                                                                      • Part of subcall function 00A99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A99BB2
                                                                                    Similarity
                                                                                    • API ID: Window$Long
                                                                                    • String ID:
                                                                                    • API String ID: 847901565-0
                                                                                    • Opcode ID: 35124e5a348ab933d3758287120625fad6ef116b5deaef6c20757f4c862fee83
                                                                                    • Instruction ID: a2af15a61b500a88f66be275ba0ce47d3d8d5ee949e6583356e55ce1c3fd7829
                                                                                    • Opcode Fuzzy Hash: 35124e5a348ab933d3758287120625fad6ef116b5deaef6c20757f4c862fee83
                                                                                    • Instruction Fuzzy Hash: 7311AE71284618AFCB108F28DC04AE63BE5EF45364B5187A4F835C72E0DB3089A1CB80
                                                                                    APIs
                                                                                    • SendMessageW.USER32(?,00001060,?,00000004), ref: 00B156BB
                                                                                    • _wcslen.LIBCMT ref: 00B156CD
                                                                                    • _wcslen.LIBCMT ref: 00B156D8
                                                                                    • SendMessageW.USER32(?,00001002,00000000,?), ref: 00B15816
                                                                                    Similarity
                                                                                    • API ID: MessageSend_wcslen
                                                                                    • String ID:
                                                                                    • API String ID: 455545452-0
                                                                                    • Opcode ID: b6b3440077730e70a61baa3fb3169d8ca1d964c2be5be6619249ab367649466a
                                                                                    • Instruction ID: ff6d657b61007254bb3865baeb91a2b5a2cc3c7ad277c5d632a060197f0b8959
                                                                                    • Opcode Fuzzy Hash: b6b3440077730e70a61baa3fb3169d8ca1d964c2be5be6619249ab367649466a
                                                                                    • Instruction Fuzzy Hash: 6D11E131600608DADB309F65CCC1AEE77ECEF95364B9040A6F915D7185EB708AC0CBA0
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: bf90775317aa70d4b6ff21a1facef713cdce0bc5b4dae3608c8bf002c3204855
                                                                                    • Instruction ID: 09a7772be6a12e7c23c3f72df18619116cdbae3eb82430631556e523cb747f92
                                                                                    • Opcode Fuzzy Hash: bf90775317aa70d4b6ff21a1facef713cdce0bc5b4dae3608c8bf002c3204855
                                                                                    • Instruction Fuzzy Hash: 9701ADB220961A7EF62126786CD0FE76B6CDF817B8FB00326F525A21D3DB608C105160
                                                                                    APIs
                                                                                    • SendMessageW.USER32(?,000000B0,?,?), ref: 00AE1A47
                                                                                    • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00AE1A59
                                                                                    • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00AE1A6F
                                                                                    • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00AE1A8A
                                                                                    Similarity
                                                                                    • API ID: MessageSend
                                                                                    • String ID:
                                                                                    • API String ID: 3850602802-0
                                                                                    • Opcode ID: 1b26749355b095b9e1af9a9f4e0fca13616586657272f000c5e0746286dc6c87
                                                                                    • Instruction ID: ce0c25d109c77da81e7175077db278790737dbf50564bd3a4dbcf329394a7dd3
                                                                                    • Opcode Fuzzy Hash: 1b26749355b095b9e1af9a9f4e0fca13616586657272f000c5e0746286dc6c87
                                                                                    • Instruction Fuzzy Hash: EB11093AD41229FFEB11DBA5CD85FADBB78EB08750F2000A1EA05B7290D6716E50DB94
                                                                                    APIs
                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00AEE1FD
                                                                                    • MessageBoxW.USER32(?,?,?,?), ref: 00AEE230
                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00AEE246
                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00AEE24D
                                                                                    Similarity
                                                                                    • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                    • String ID:
                                                                                    • API String ID: 2880819207-0
                                                                                    • Opcode ID: 1ddf2ef8e9f63da237eed4d914bdad5294d7da642e0316b54c32619cf78c0d80
                                                                                    • Instruction ID: c1253d33ac23d696940bb0aa0c3c8d53a9d6b7b0b54f6a3d9d0ef77237cec715
                                                                                    • Opcode Fuzzy Hash: 1ddf2ef8e9f63da237eed4d914bdad5294d7da642e0316b54c32619cf78c0d80
                                                                                    • Instruction Fuzzy Hash: 6111C876904254BBCB01DFAD9C05BDE7FADEB45311F148655F925E3291DAB08D048BA0
                                                                                    APIs
                                                                                    • CreateThread.KERNEL32(00000000,?,00AACFF9,00000000,00000004,00000000), ref: 00AAD218
                                                                                    • GetLastError.KERNEL32 ref: 00AAD224
                                                                                    • __dosmaperr.LIBCMT ref: 00AAD22B
                                                                                    • ResumeThread.KERNEL32(00000000), ref: 00AAD249
                                                                                    Similarity
                                                                                    • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                    • String ID:
                                                                                    • API String ID: 173952441-0
                                                                                    • Opcode ID: 0af6841e362be37951f5f4d1ec708c05b82ba3d035dad04fa60538608a88eb50
                                                                                    • Instruction ID: 3a4623f1bddd6842abcb7fc45820452edfdafc96f4517f0514a0487463300b7f
                                                                                    • Opcode Fuzzy Hash: 0af6841e362be37951f5f4d1ec708c05b82ba3d035dad04fa60538608a88eb50
                                                                                    • Instruction Fuzzy Hash: 1701C076845204BBDB216BA5DC09BEE7E69EF83330F104229F926935D0DF708905C6A0
                                                                                    APIs
                                                                                      • Part of subcall function 00A99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A99BB2
                                                                                    • GetClientRect.USER32(?,?), ref: 00B19F31
                                                                                    • GetCursorPos.USER32(?), ref: 00B19F3B
                                                                                    • ScreenToClient.USER32(?,?), ref: 00B19F46
                                                                                    • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00B19F7A
                                                                                    Similarity
                                                                                    • API ID: Client$CursorLongProcRectScreenWindow
                                                                                    • String ID:
                                                                                    • API String ID: 4127811313-0
                                                                                    • Opcode ID: 879d0b406c0ca5eea2b0d55fefd3c30cab0250300cba4865a8bdf5592b6b65d4
                                                                                    • Instruction ID: 7762cc8d0b2d46326bc0ae461edc1d0160ea906a8a3f5af722259166ea4821e3
                                                                                    • Opcode Fuzzy Hash: 879d0b406c0ca5eea2b0d55fefd3c30cab0250300cba4865a8bdf5592b6b65d4
                                                                                    • Instruction Fuzzy Hash: 71115A3290025ABBDB10DF68C8999EE7BF9FB05311F904495F911E3140D730BAC2CBA1
                                                                                    APIs
                                                                                    • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A8604C
                                                                                    • GetStockObject.GDI32(00000011), ref: 00A86060
                                                                                    • SendMessageW.USER32(00000000,00000030,00000000), ref: 00A8606A
                                                                                    Similarity
                                                                                    • API ID: CreateMessageObjectSendStockWindow
                                                                                    • String ID:
                                                                                    • API String ID: 3970641297-0
                                                                                    • Opcode ID: 876f515731628bc48a96007c20cc38fc7a70436c2e40502da481693acb2a8cf8
                                                                                    • Instruction ID: ac67d790e2e12b8246c83db20d512fc323702d02894a086cfd661ed20879adbf
                                                                                    • Opcode Fuzzy Hash: 876f515731628bc48a96007c20cc38fc7a70436c2e40502da481693acb2a8cf8
                                                                                    • Instruction Fuzzy Hash: 2F116D72501508BFEF125FA49C54FEABF79EF083A5F048215FA1452150DB329C60DBA5
                                                                                    APIs
                                                                                    • ___BuildCatchObject.LIBVCRUNTIME ref: 00AA3B56
                                                                                      • Part of subcall function 00AA3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00AA3AD2
                                                                                      • Part of subcall function 00AA3AA3: ___AdjustPointer.LIBCMT ref: 00AA3AED
                                                                                    • _UnwindNestedFrames.LIBCMT ref: 00AA3B6B
                                                                                    • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00AA3B7C
                                                                                    • CallCatchBlock.LIBVCRUNTIME ref: 00AA3BA4
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                     • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                     • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                     • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                     • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                     • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                    APIs
                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00A813C6,00000000,00000000,?,00AB301A,00A813C6,00000000,00000000,00000000,?,00AB328B,00000006,FlsSetValue), ref: 00AB30A5
                                                                                    • GetLastError.KERNEL32(?,00AB301A,00A813C6,00000000,00000000,00000000,?,00AB328B,00000006,FlsSetValue,00B22290,FlsSetValue,00000000,00000364,?,00AB2E46), ref: 00AB30B1
                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00AB301A,00A813C6,00000000,00000000,00000000,?,00AB328B,00000006,FlsSetValue,00B22290,FlsSetValue,00000000), ref: 00AB30BF
                                                                                    Similarity
                                                                                    • API ID: LibraryLoad$ErrorLast
                                                                                    APIs
                                                                                    • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00AE747F
                                                                                    • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00AE7497
                                                                                    • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00AE74AC
                                                                                    • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00AE74CA
                                                                                    Similarity
                                                                                    • API ID: Type$Register$FileLoadModuleNameUser
                                                                                    APIs
                                                                                    • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00AEACD3,?,00008000), ref: 00AEB0C4
                                                                                    • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00AEACD3,?,00008000), ref: 00AEB0E9
                                                                                    • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00AEACD3,?,00008000), ref: 00AEB0F3
                                                                                    • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00AEACD3,?,00008000), ref: 00AEB126
                                                                                    Similarity
                                                                                    • API ID: CounterPerformanceQuerySleep
                                                                                    APIs
                                                                                    • GetWindowRect.USER32(?,?), ref: 00B17E33
                                                                                    • ScreenToClient.USER32(?,?), ref: 00B17E4B
                                                                                    • ScreenToClient.USER32(?,?), ref: 00B17E6F
                                                                                    • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B17E8A
                                                                                    Similarity
                                                                                    • API ID: ClientRectScreen$InvalidateWindow
                                                                                    APIs
                                                                                    • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00AE2DC5
                                                                                    • GetWindowThreadProcessId.USER32(?,00000000), ref: 00AE2DD6
                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00AE2DDD
                                                                                    • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00AE2DE4
                                                                                    Similarity
                                                                                    • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                    APIs
                                                                                      • Part of subcall function 00A99639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A99693
                                                                                      • Part of subcall function 00A99639: SelectObject.GDI32(?,00000000), ref: 00A996A2
                                                                                      • Part of subcall function 00A99639: BeginPath.GDI32(?), ref: 00A996B9
                                                                                      • Part of subcall function 00A99639: SelectObject.GDI32(?,00000000), ref: 00A996E2
                                                                                    • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00B18887
                                                                                    • LineTo.GDI32(?,?,?), ref: 00B18894
                                                                                    • EndPath.GDI32(?), ref: 00B188A4
                                                                                    • StrokePath.GDI32(?), ref: 00B188B2
                                                                                    Similarity
                                                                                    • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                    APIs
                                                                                    • GetSysColor.USER32(00000008), ref: 00A998CC
                                                                                    • SetTextColor.GDI32(?,?), ref: 00A998D6
                                                                                    • SetBkMode.GDI32(?,00000001), ref: 00A998E9
                                                                                    • GetStockObject.GDI32(00000005), ref: 00A998F1
                                                                                    Similarity
                                                                                    • API ID: Color$ModeObjectStockText
                                                                                    APIs
                                                                                    • GetCurrentThread.KERNEL32 ref: 00AE1634
                                                                                    • OpenThreadToken.ADVAPI32(00000000,?,?,?,00AE11D9), ref: 00AE163B
                                                                                    • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00AE11D9), ref: 00AE1648
                                                                                    • OpenProcessToken.ADVAPI32(00000000,?,?,?,00AE11D9), ref: 00AE164F
                                                                                    Similarity
                                                                                    • API ID: CurrentOpenProcessThreadToken
                                                                                    APIs
                                                                                    • GetDesktopWindow.USER32 ref: 00ADD858
                                                                                    • GetDC.USER32(00000000), ref: 00ADD862
                                                                                    • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00ADD882
                                                                                    • ReleaseDC.USER32(?), ref: 00ADD8A3
                                                                                    Similarity
                                                                                    • API ID: CapsDesktopDeviceReleaseWindow
                                                                                    • String ID:
                                                                                    • API String ID: 2889604237-0
                                                                                    APIs
                                                                                    • GetDesktopWindow.USER32 ref: 00ADD86C
                                                                                    • GetDC.USER32(00000000), ref: 00ADD876
                                                                                    • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00ADD882
                                                                                    • ReleaseDC.USER32(?), ref: 00ADD8A3
                                                                                    Similarity
                                                                                    • API ID: CapsDesktopDeviceReleaseWindow
                                                                                    • String ID:
                                                                                    • API String ID: 2889604237-0
                                                                                    APIs
                                                                                      • Part of subcall function 00A87620: _wcslen.LIBCMT ref: 00A87625
                                                                                    • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00AF4ED4
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: Connection_wcslen
                                                                                    • String ID: *$LPT
                                                                                    • API String ID: 1725874428-3443410124
                                                                                    APIs
                                                                                    • __startOneArgErrorHandling.LIBCMT ref: 00AAE30D
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: ErrorHandling__start
                                                                                    • String ID: pow
                                                                                    • API String ID: 3213639722-2276729525
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: #
                                                                                    • API String ID: 0-1885708031
                                                                                    APIs
                                                                                    • Sleep.KERNEL32(00000000), ref: 00A9F2A2
                                                                                    • GlobalMemoryStatusEx.KERNEL32(?), ref: 00A9F2BB
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: GlobalMemorySleepStatus
                                                                                    • String ID: @
                                                                                    • API String ID: 2783356886-2766056989
                                                                                    APIs
                                                                                    • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00B057E0
                                                                                    • _wcslen.LIBCMT ref: 00B057EC
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: BuffCharUpper_wcslen
                                                                                    • String ID: CALLARGARRAY
                                                                                    • API String ID: 157775604-1150593374
                                                                                    APIs
                                                                                    • _wcslen.LIBCMT ref: 00AFD130
                                                                                    • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00AFD13A
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: CrackInternet_wcslen
                                                                                    • String ID: |
                                                                                    • API String ID: 596671847-2343686810
                                                                                    APIs
                                                                                    • DestroyWindow.USER32(?,?,?,?), ref: 00B13621
                                                                                    • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00B1365C
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: Window$DestroyMove
                                                                                    • String ID: static
                                                                                    • API String ID: 2139405536-2160076837
                                                                                    APIs
                                                                                    • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00B1461F
                                                                                    • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00B14634
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: MessageSend
                                                                                    • String ID: '
                                                                                    • API String ID: 3850602802-1997036262
                                                                                    APIs
                                                                                    • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00B1327C
                                                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00B13287
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: MessageSend
                                                                                    • String ID: Combobox
                                                                                    • API String ID: 3850602802-2096851135
                                                                                    APIs
                                                                                      • Part of subcall function 00A8600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A8604C
                                                                                      • Part of subcall function 00A8600E: GetStockObject.GDI32(00000011), ref: 00A86060
                                                                                      • Part of subcall function 00A8600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00A8606A
                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00B1377A
                                                                                    • GetSysColor.USER32(00000012), ref: 00B13794
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                    • String ID: static
                                                                                    • API String ID: 1983116058-2160076837
                                                                                    • Opcode ID: b8b4084e399041024a838f210547763b09e644b6152bd47ef55744c236e474f7
                                                                                    • Instruction ID: 2b02397816be642be00fd4dbd5c6ae68816a7c1c597e3e76db34dba2bcba12bb
                                                                                    • Opcode Fuzzy Hash: b8b4084e399041024a838f210547763b09e644b6152bd47ef55744c236e474f7
                                                                                    • Instruction Fuzzy Hash: 461137B2610209AFDF01DFA8CC46EEA7BF8FB08714F404954F955E3250EB35E8619B60
                                                                                    APIs
                                                                                    • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00AFCD7D
                                                                                    • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00AFCDA6
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: Internet$OpenOption
                                                                                    • String ID: <local>
                                                                                    • API String ID: 942729171-4266983199
                                                                                    • Opcode ID: bd163f0ef1fb2529d547fa116c432cf770f4eea48050162a826defa563346eb0
                                                                                    • Instruction ID: 8298fa73180333a4fbb2e0e5f0aa04c8b4b1d34335fe34029f73749cb323185b
                                                                                    • Opcode Fuzzy Hash: bd163f0ef1fb2529d547fa116c432cf770f4eea48050162a826defa563346eb0
                                                                                    • Instruction Fuzzy Hash: 4E11C27124563DBAD7384BA78C49EFBBEACEF127B4F40422AB20983080D7709941D6F0
                                                                                    APIs
                                                                                    • GetWindowTextLengthW.USER32(00000000), ref: 00B134AB
                                                                                    • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00B134BA
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: LengthMessageSendTextWindow
                                                                                    • String ID: edit
                                                                                    • API String ID: 2978978980-2167791130
                                                                                    • Opcode ID: 698ac6083e2a317bacaae59bf48c6f52c202edadd96caca34e2cd2de59a08edf
                                                                                    • Instruction ID: 26cddfcb56284b7365fc855b9dafc8239dd521b9aaa4b728af2a57d25c399cb8
                                                                                    • Opcode Fuzzy Hash: 698ac6083e2a317bacaae59bf48c6f52c202edadd96caca34e2cd2de59a08edf
                                                                                    • Instruction Fuzzy Hash: 2811BF71100208AFEB228E64DC80AEB3BEAEB14B74F908364FA65932E0D731DCD19750
                                                                                    APIs
                                                                                      • Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD
                                                                                    • CharUpperBuffW.USER32(?,?,?), ref: 00AE6CB6
                                                                                    • _wcslen.LIBCMT ref: 00AE6CC2
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: _wcslen$BuffCharUpper
                                                                                    • String ID: STOP
                                                                                    • API String ID: 1256254125-2411985666
                                                                                    • Opcode ID: 119a9923c767e30e8cbe9a0c501109e4e5afc65f942f010a4c07b2fef02cf569
                                                                                    • Instruction ID: 73397bbb514a74dc60eb0c35c2a0477fc45db645796b1aeabfa581dfc0dfbe4a
                                                                                    • Opcode Fuzzy Hash: 119a9923c767e30e8cbe9a0c501109e4e5afc65f942f010a4c07b2fef02cf569
                                                                                    • Instruction Fuzzy Hash: E90104326009668BCB20AFBECC908BF77B5FAB57907600D28E86293191EB31D900C750
                                                                                    APIs
                                                                                      • Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD
                                                                                      • Part of subcall function 00AE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00AE3CCA
                                                                                    • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00AE1D4C
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: ClassMessageNameSend_wcslen
                                                                                    • String ID: ComboBox$ListBox
                                                                                    • API String ID: 624084870-1403004172
                                                                                    • Opcode ID: eaf1fd8aaccb4dfd4b630a988e19747808662b4ac6436ae9aad2398c06e71741
                                                                                    • Instruction ID: 665c46336464af906f79be9e7e0cfe5f1bcc292fa6ee1c6bec0dd93439e218de
                                                                                    • Opcode Fuzzy Hash: eaf1fd8aaccb4dfd4b630a988e19747808662b4ac6436ae9aad2398c06e71741
                                                                                    • Instruction Fuzzy Hash: 7101D471601228ABCF18FFA5CE95CFF77A8EB46350B540619F832672D2EA3199088761
                                                                                    APIs
                                                                                      • Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD
                                                                                      • Part of subcall function 00AE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00AE3CCA
                                                                                    • SendMessageW.USER32(?,00000180,00000000,?), ref: 00AE1C46
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: ClassMessageNameSend_wcslen
                                                                                    • String ID: ComboBox$ListBox
                                                                                    • API String ID: 624084870-1403004172
                                                                                    • Opcode ID: 598064eba1f80a2f16d6df52d332ae60dbd165afbf0f9f41fc45d86bc05864c4
                                                                                    • Instruction ID: 219521cfae22db2279b7fef0fda3adbc69c3333d3cfd8ff37cd05422bdec20ef
                                                                                    • Opcode Fuzzy Hash: 598064eba1f80a2f16d6df52d332ae60dbd165afbf0f9f41fc45d86bc05864c4
                                                                                    • Instruction Fuzzy Hash: 1B01A7757811586BCF14FB91CA559FF77A89B51340F240019F416B7282EA319F1C97B2
                                                                                    APIs
                                                                                      • Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD
                                                                                      • Part of subcall function 00AE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00AE3CCA
                                                                                    • SendMessageW.USER32(?,00000182,?,00000000), ref: 00AE1CC8
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: ClassMessageNameSend_wcslen
                                                                                    • String ID: ComboBox$ListBox
                                                                                    • API String ID: 624084870-1403004172
                                                                                    • Opcode ID: f9bf0c6750e43ec6285a55d51edcb798858120b8439cad826b36c913a8f2bd3b
                                                                                    • Instruction ID: ca1a386c1dc668e9590e563cdfbccb3132252fc6197b4994ff35c2c98e45c49f
                                                                                    • Opcode Fuzzy Hash: f9bf0c6750e43ec6285a55d51edcb798858120b8439cad826b36c913a8f2bd3b
                                                                                    • Instruction Fuzzy Hash: DB01D6B16811686BCF14FBA2CB05AFF77E89B51340F240415B802B3282EA319F18D772
                                                                                    APIs
                                                                                      • Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD
                                                                                      • Part of subcall function 00AE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00AE3CCA
                                                                                    • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00AE1DD3
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: ClassMessageNameSend_wcslen
                                                                                    • String ID: ComboBox$ListBox
                                                                                    • API String ID: 624084870-1403004172
                                                                                    • Opcode ID: 0c2157a63edde5619c2b3b39d67c49d48f6d6705c54b0436aa6e0007e351a88b
                                                                                    • Instruction ID: 489ad511cf2ce2fb7fe2fd73e059bd35f7da742797b1cbfa90c87b61eca47014
                                                                                    • Opcode Fuzzy Hash: 0c2157a63edde5619c2b3b39d67c49d48f6d6705c54b0436aa6e0007e351a88b
                                                                                    • Instruction Fuzzy Hash: E5F0A971A416296BDB14F7A5CD95AFF77B8AB01350F580915F422632C1EA715A088361
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: _wcslen
                                                                                    • String ID: 3, 3, 16, 1
                                                                                    • API String ID: 176396367-3042988571
                                                                                    • Opcode ID: e49a2f2a9c59cc032bcc90ec9b0c28ec3425cdaff8527021fe5f461c41f1d59b
                                                                                    • Instruction ID: 745ef6143674f96a0bf42f71bb34a4b558e4dab131f13032db4a5466ad9372dd
                                                                                    • Opcode Fuzzy Hash: e49a2f2a9c59cc032bcc90ec9b0c28ec3425cdaff8527021fe5f461c41f1d59b
                                                                                    • Instruction Fuzzy Hash: A7E02B02A5426010D23116799DC197FDBCDCFCA790710186BF981C33E6EFD49DA293A0
                                                                                    APIs
                                                                                    • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00AE0B23
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: Message
                                                                                    • String ID: AutoIt$Error allocating memory.
                                                                                    • API String ID: 2030045667-4017498283
                                                                                    • Opcode ID: e04311b0e7dbf2f8af92b08ffa1a5b33aeadbbb56e8b7dc594b90399faab3434
                                                                                    • Instruction ID: d8fb56594544b2b1fded4cc428a578748b20f5e7c5c64156763abb95710a9a38
                                                                                    • Opcode Fuzzy Hash: e04311b0e7dbf2f8af92b08ffa1a5b33aeadbbb56e8b7dc594b90399faab3434
                                                                                    • Instruction Fuzzy Hash: D3E0D8323843082BD62037547D03FC97EC58F06F50F10046AF748954D38BD1299006E9
                                                                                    APIs
                                                                                      • Part of subcall function 00A9F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00AA0D71,?,?,?,00A8100A), ref: 00A9F7CE
                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,00A8100A), ref: 00AA0D75
                                                                                    • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00A8100A), ref: 00AA0D84
                                                                                    Strings
                                                                                    • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00AA0D7F
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                    • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                    • API String ID: 55579361-631824599
                                                                                    • Opcode ID: 27ac9a6d10525efad39fd3a1c923147eaf3fa8b29a605ac1398f9841a3ac4c9a
                                                                                    • Instruction ID: 8d8519b1d8ecbda90ec3b10d69f21ca8bd2507eca54254e0fff6f67d2f72f5d3
                                                                                    • Opcode Fuzzy Hash: 27ac9a6d10525efad39fd3a1c923147eaf3fa8b29a605ac1398f9841a3ac4c9a
                                                                                    • Instruction Fuzzy Hash: C9E06D752007018BD360AFBCD508B927BE0AB01740F40896DE486C76A1EBB5E488CB91
                                                                                    APIs
                                                                                    • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00AF302F
                                                                                    • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00AF3044
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: Temp$FileNamePath
                                                                                    • String ID: aut
                                                                                    • API String ID: 3285503233-3010740371
                                                                                    • Opcode ID: ad50417d46135138b446c25fe3e4587a781bdfdfd676af17e440be1b22442af5
                                                                                    • Instruction ID: 86746fb37b56eb8fefe5b2c17effc3894ee379a6ecefb47183f40609f7894a66
                                                                                    • Opcode Fuzzy Hash: ad50417d46135138b446c25fe3e4587a781bdfdfd676af17e440be1b22442af5
                                                                                    • Instruction Fuzzy Hash: EBD05EB254032867DA20A7A4AC0EFCB3F6CDB05750F4002A1B655E30A1DEF09A84CAD0
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: LocalTime
                                                                                    • String ID: %.3d$X64
                                                                                    • API String ID: 481472006-1077770165
                                                                                    • Opcode ID: 7f4fac8a890df5a8ebe4aa9759a77435b8a1733c5a31bfad8bd6b1052e71c719
                                                                                    • Instruction ID: b1c19c2a58f15eefcadee1f373d5d5bcf97f02691a01ebd19a08c6b7c94d982d
                                                                                    • Opcode Fuzzy Hash: 7f4fac8a890df5a8ebe4aa9759a77435b8a1733c5a31bfad8bd6b1052e71c719
                                                                                    • Instruction Fuzzy Hash: 69D012B1948108EACF509AD0CC458F9B7BCEB18341F508453F807D2140DA34C649A761
                                                                                    APIs
                                                                                    • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00B1232C
                                                                                    • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00B1233F
                                                                                      • Part of subcall function 00AEE97B: Sleep.KERNEL32 ref: 00AEE9F3
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: FindMessagePostSleepWindow
                                                                                    • String ID: Shell_TrayWnd
                                                                                    • API String ID: 529655941-2988720461
                                                                                    • Opcode ID: 365d9ab950a8d9884e1585f13e1b41ff7df4ee727b2e52f10f5b07376c800ace
                                                                                    • Instruction ID: e3963a4e3850132c5d4840c69aae7d489397bc6ac85026c279900e0dcb4ec2ec
                                                                                    • Opcode Fuzzy Hash: 365d9ab950a8d9884e1585f13e1b41ff7df4ee727b2e52f10f5b07376c800ace
                                                                                    • Instruction Fuzzy Hash: FDD0C9363D4350BAE664A771DC0FFC6AA55AB10B10F4089167645AB1E5D9A0A841CA54
                                                                                    APIs
                                                                                    • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00B1236C
                                                                                    • PostMessageW.USER32(00000000), ref: 00B12373
                                                                                      • Part of subcall function 00AEE97B: Sleep.KERNEL32 ref: 00AEE9F3
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: FindMessagePostSleepWindow
                                                                                    • String ID: Shell_TrayWnd
                                                                                    • API String ID: 529655941-2988720461
                                                                                    • Opcode ID: 11a4a1d4c6d0d75e840cd0ddec41532591853267d833888d8dda7e8f1ddfabb0
                                                                                    • Instruction ID: 495225f42807eea0a4879174ba6ca9f06c53ad80cde0763d134e232db5fb695d
                                                                                    • Opcode Fuzzy Hash: 11a4a1d4c6d0d75e840cd0ddec41532591853267d833888d8dda7e8f1ddfabb0
                                                                                    • Instruction Fuzzy Hash: 2AD0C9323C13507AE664A771DC0FFC6AA55AB15B10F4089167645AB1E5D9A0A841CA54
                                                                                    APIs
                                                                                    • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00ABBE93
                                                                                    • GetLastError.KERNEL32 ref: 00ABBEA1
                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00ABBEFC
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1988577525.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1988549547.0000000000A80000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989747232.0000000000B42000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989811333.0000000000B4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1989834512.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a80000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: ByteCharMultiWide$ErrorLast
                                                                                    • String ID:
                                                                                    • API String ID: 1717984340-0
                                                                                    • Opcode ID: cc0a370344734d7aa52872d76794b1a93c6ac4341fbc7a1cac0489ce2b410d7d
                                                                                    • Instruction ID: f15a88f4a4c485231cbe407fd02426fcad01551f52f3516e4e38ce680390d154
                                                                                    • Opcode Fuzzy Hash: cc0a370344734d7aa52872d76794b1a93c6ac4341fbc7a1cac0489ce2b410d7d
                                                                                    • Instruction Fuzzy Hash: 1441C334610206AFCF258FB5CD44AFA7BADAF42310F244169F9599B1A2DBB0CD01DB70

                                                                                    Execution Graph

                                                                                    Execution Coverage:1.1%
                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                    Signature Coverage:100%
                                                                                    Total number of Nodes:6
                                                                                    Total number of Limit Nodes:0
                                                                                    execution_graph 5106 1489c6864b2 5107 1489c686509 NtQuerySystemInformation 5106->5107 5108 1489c684884 5106->5108 5107->5108 5103 1489c664eb7 5104 1489c664ec7 NtQuerySystemInformation 5103->5104 5105 1489c664e64 5104->5105

                                                                                    Callgraph

                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000F.00000002.3234309730.000001489C684000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001489C684000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_15_2_1489c684000_firefox.jbxd
                                                                                    Similarity
                                                                                    • API ID: InformationQuerySystem
                                                                                    • String ID: #$#$#$4$>$>$>$A$z$z
                                                                                    • API String ID: 3562636166-3072146587
                                                                                    • Opcode ID: a7beeb6ed6d4bd1c13836e24e4a4bf8602c8d7752103ee20adf8d6ea9f6b849f
                                                                                    • Instruction ID: db14ff623cc54e988ef2ff236f785d233dc17c18971b9b3cdf9ea6174bdabfcc
                                                                                    • Opcode Fuzzy Hash: a7beeb6ed6d4bd1c13836e24e4a4bf8602c8d7752103ee20adf8d6ea9f6b849f
                                                                                    • Instruction Fuzzy Hash: B4A3E431618E488BDB2EDF19DC952F973E5FB98304F14422ED94AC7255EE35EA028BC1